CVE-2023-35796
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...
Cross site scripting
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...
CVE-2023-35796
Siemens SINEMA Server V14 (all versions) is affected by a vulnerability where SNMP configuration data is not properly sanitized, enabling a stored cross-site scripting (XSS) attack that can lead to arbitrary code execution with SYSTEM privileges on the application server. The issue arises from th...
CVE-2022-24282
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...
CVE-2022-24281
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...
Privilege escalation
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...
PT-2022-16582 · Siemens · Sinema Server +1
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions 1.0.3 and later, prior to 2.0; SINEC NMS versions prior to 1.0.3; SINEMA Server V14 all versions. Description: A security issue has been found that allows the upload of JSON objects which are then deserialized into Java object...
CVE-2022-25311
The CVE-2022-25311 issue is an improper privilege management flaw in Siemens SINEC NMS (versions around 1.0.3 and SINEMA Server V14) where privileges are not correctly checked between users within the same browser session, enabling an authenticated low-privilege user to escalate privileges. Connec...
CVE-2022-24281
CVE-2022-24281 affects Siemens SINEC NMS (prior to v1.0.3) and SINEMA Server v14. Root cause is improper neutralization of special elements in SQL commands (SQL Injection). A privileged, authenticated attacker could send crafted requests to the webserver to execute arbitrary commands in the local...
CVE-2022-24282
CVE-2022-24282 affects Siemens SINEC NMS and SINEMA Server V14. The vulnerability is due to insecure deserialization of user-supplied JSON objects into Java objects, allowing a privileged attacker to execute arbitrary code on the device with root privileges. Affected versions of SINEC NMS include...
CVE-2022-25311
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...