Lucene search

Sinec Network Management System Security Vulnerabilities

cve

CVE-2020-25237

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is sti...

8.1CVSS

7.8AI Score

0.003EPSS

2021-02-09 05:15 PM

179

cve

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0...

6.7CVSS

6.7AI Score

0.0004EPSS

2020-06-10 05:15 PM

cve

CVE-2021-33721

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this v...

7.2CVSS

7.4AI Score

0.002EPSS

2021-08-10 11:15 AM

cve

CVE-2021-37200

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

7.7CVSS

7.3AI Score

0.001EPSS

2021-09-14 11:15 AM

cve

CVE-2021-37201

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrati...

8.8CVSS

8.6AI Score

0.001EPSS

2021-09-14 11:15 AM

cve

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS

8.7AI Score

0.975EPSS

2022-04-01 11:15 PM

1756

In Wild

cve

CVE-2022-24281

A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.

7.2CVSS

6.9AI Score

0.001EPSS

2022-03-08 12:15 PM

cve

CVE-2022-24282

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied c...

7.2CVSS

7.1AI Score

0.001EPSS

2022-03-08 12:15 PM

cve

CVE-2022-25311

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of ...

7.3CVSS

6.7AI Score

0.0004EPSS

2022-03-08 12:15 PM