Lucene search

China National Vulnerability DatabaseCNVD-2023-75590

HistoryOct 11, 2023 - 12:00 a.m.

Siemens SINEC NMS Cross-Site Scripting Vulnerability

2023-10-1100:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens

network management system

nms

cross-site scripting

vulnerability

industrial networks

snmp

configuration data

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. The Siemens SINEC NMS is vulnerable to a cross-site scripting vulnerability due to an affected application incorrectly clearing certain SNMP configuration data retrieved from monitored devices. An attacker could exploit the vulnerability to cause a legitimate user to inadvertently modify application data.

CPENameOperatorVersion
siemens sinec nms < veq2.0

CPE	Name	Operator	Version
	siemens sinec nms < v	eq	2.0