Remote code execution

2024-02-1309:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

sinec nms

remote code execution

tftp file upload

arbitrary files

malicious firmware images

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.5%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

References

cert-portal.siemens.com/productcert/html/ssa-943925.html