China National Vulnerability Database (CNVD): CNVD-2021-77585
History: Oct 13, 2021 - 12:00 a.m.

Siemens SINEC NMS code issue vulnerability

www.cnvd.org.cn
Tags: siemens, sinec nms, network management, code issue, vulnerability, deserialization, java objects, arbitrary code, root privileges, security advisory

EPSS: 0.001 (percentile: 37.8%)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. A code issue vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The affected system allows the upload of JSON objects that are deserialized to Java objects, but the deserialization of user-supplied content is not performed securely. An attacker could exploit the vulnerability by sending specially crafted serialized Java objects to execute arbitrary code on the device with root privileges.
