Lucene search

SiemensCVELIST:CVE-2023-44315

HistoryOct 10, 2023 - 10:21 a.m.

CVE-2023-44315

2023-10-1010:21:41

CWE-79

siemens

www.cve.org

vulnerability

sinec nms

cross-site scripting

snmp

application data

monitored devices

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

0.0004 Low

EPSS

Percentile

14.0%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEC NMS",
    "versions": [
      {
        "version": "All versions < V2.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for CVELIST:CVE-2023-44315