Lucene search
China National Vulnerability DatabaseCNVD-2021-77586HistoryOct 13, 2021 - 12:00 a.m.
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77586)
2021-10-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
siemens
sinec nms
sql injection
vulnerability
industrial networks
network management system
validation
escaping
software
attacker
arbitrary commands
local database
manual request.
EPSS
0.002
Percentile
52.5%
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker could use this vulnerability to execute arbitrary commands in the local database by sending a manual request to the affected application’s web server.
Related
prion
prion
Command injection
2021-10-12 10:15:00
nvd
nvd
CVE-2021-33735
2021-10-12 10:15:12
cvelist
cvelist
CVE-2021-33735
2021-10-12 09:49:34
cve
cve
CVE-2021-33735
2021-10-12 10:15:12
nessus
nessus
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
2022-07-05 00:00:00
ics
ics
Siemens SINEC NMS
2021-10-14 12:00:00