Lucene search
Andreas FinstadZDI-23-1600HistoryNov 14, 2023 - 12:00 a.m.
Siemens SINEMA Server sysLocation Cross-Site Scripting Remote Code Execution Vulnerability
2023-11-1400:00:00
Andreas Finstad
www.zerodayinitiative.com
4
siemens
sinema server
vulnerability
remote code execution
arbitrary code
user interaction
snmp
injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEMA Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SNMP sysLocation OID. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
cnvd
cnvd
Siemens SINEMA Server V14 Cross-Site Scripting Vulnerability
2023-10-11 00:00:00
cvelist
cvelist
CVE-2023-35796
2023-10-10 10:21:20
cve
cve
CVE-2023-35796
2023-10-10 11:15:11
nvd
nvd
CVE-2023-35796
2023-10-10 11:15:11
prion
prion
Cross site scripting
2023-10-10 11:15:00
vulnrichment
vulnrichment
CVE-2023-35796
2023-10-10 10:21:20