Lucene search

[email protected]CVE-2020-25237

HistoryFeb 09, 2021 - 5:15 p.m.

CVE-2020-25237

2021-02-0917:15:13

CWE-22

[email protected]

web.nvd.nist.gov

179

cve-2020-25237

vulnerability

sinec nms

sinema server

file upload

zip-slip

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as ‘Zip-Slip’. (ZDI-CAN-12054)

Affected configurations

NVD

Node

siemenssinec_network_management_systemRange<1.0

siemenssinec_network_management_systemMatch1.0-

siemenssinec_network_management_systemMatch1.0sp1

siemenssinema_serverRange<14.0

siemenssinema_serverMatch14.0-

siemenssinema_serverMatch14.0sp1

siemenssinema_serverMatch14.0sp2

siemenssinema_serverMatch14.0sp2_update1

CPENameOperatorVersion
siemens:sinec_network_management_systemsiemens sinec network management systemlt1.0
siemens:sinema_serversiemens sinema serverlt14.0

CPE	Name	Operator	Version
siemens:sinec_network_management_system	siemens sinec network management system	lt	1.0
siemens:sinema_server	siemens sinema server	lt	14.0

CNA Affected

[
  {
    "product": "SINEC NMS",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1.0 SP1 Update 1"
      }
    ]
  },
  {
    "product": "SINEMA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V14.0 SP2 Update 2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf

us-cert.cisa.gov/ics/advisories/icsa-21-040-03

www.zerodayinitiative.com/advisories/ZDI-21-253/

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for CVE-2020-25237

cvelist1 nvd1 zdi1 ics1 prion1