The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the improper limitation of the path name to the restricted access directory. This allows a hacker to export monitoring data and upload files from the file system.

🗓️ 24 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

SINEC NMS has improper path restrictions to restricted dirs, enabling data export and file upload.

Reporter	Title	Published	Views	Family All 10
CNNVD	Siemens SINEC NMS 路径遍历漏洞	9 Apr 202400:00	–	cnnvd
CNVD	Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2024-27532)	12 Apr 202400:00	–	cnvd
CVE	CVE-2024-31978	9 Apr 202408:34	–	cve
Cvelist	CVE-2024-31978	9 Apr 202408:34	–	cvelist
EUVD	EUVD-2024-29836	3 Oct 202520:07	–	euvd
ICS	Siemens SINEC NMS	9 Apr 202400:00	–	ics
NVD	CVE-2024-31978	9 Apr 202409:15	–	nvd
Positive Technologies	PT-2024-3046	9 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-31978	5 Feb 202500:23	–	redhatcve
Vulnrichment	CVE-2024-31978	9 Apr 202408:34	–	vulnrichment

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-128433.html
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2024-04-19.1.pdf
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024041509
web	www.web.nvd.nist.gov/view/vuln/detail

24 Apr 2024 00:00Current

CVSS 37.6

CVSS 28

EPSS0.00183

network management system path restrictions restricted directories data export file upload security vulnerability