U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*
  • CPE Name Search: true
There are 27 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-41941

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.

Published: August 13, 2024; 4:15:15 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-41940

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.

Published: August 13, 2024; 4:15:14 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2024-41939

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.

Published: August 13, 2024; 4:15:14 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-41938

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.

Published: August 13, 2024; 4:15:14 AM -0400
V4.0:(not available)
V3.1: 3.8 LOW
V2.0:(not available)
CVE-2024-36398

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.

Published: August 13, 2024; 4:15:10 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-44315

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.

Published: October 10, 2023; 7:15:12 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-30527

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Published: October 10, 2023; 7:15:10 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

Published: December 16, 2021; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 6.6 MEDIUM
V2.0: 8.5 HIGH
CVE-2021-33736

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33735

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33734

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33733

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33732

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33731

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33730

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33729

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-33728

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.

Published: October 12, 2021; 6:15:12 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2021-33727

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

Published: October 12, 2021; 6:15:11 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-33726

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

Published: October 12, 2021; 6:15:11 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-33725

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

Published: October 12, 2021; 6:15:11 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 5.0 MEDIUM