Lucene search
China National Vulnerability DatabaseCNVD-2021-77591HistoryOct 13, 2021 - 12:00 a.m.
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77591)
2021-10-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
siemens sinec nms
sql injection
vulnerability
industrial networks
network management system
validation
escaping
arbitrary commands
local database
web server
cnvd-2021-77591
EPSS
0.002
Percentile
52.5%
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this vulnerability to execute arbitrary commands in the local database by sending a manual request to the affected application’s web server.
Related
cvelist
cvelist
CVE-2021-33734
2021-10-12 09:49:34
nvd
nvd
CVE-2021-33734
2021-10-12 10:15:12
prion
prion
Command injection
2021-10-12 10:15:00
cve
cve
CVE-2021-33734
2021-10-12 10:15:12
ics
ics
Siemens SINEC NMS
2021-10-14 12:00:00
nessus
nessus
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
2022-07-05 00:00:00