Lucene search
China National Vulnerability DatabaseCNVD-2021-77593HistoryOct 13, 2021 - 12:00 a.m.
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77593)
2021-10-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
siemens sinec nms
network management system
sql injection
vulnerability
industrial networks
validation
escaping
arbitrary commands
local database
manual request
web server
EPSS
0.002
Percentile
52.5%
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this vulnerability to execute arbitrary commands in the local database by sending a manual request to the affected application’s web server.
Related
cvelist
cvelist
CVE-2021-33731
2021-10-12 09:49:31
cve
cve
CVE-2021-33731
2021-10-12 10:15:12
prion
prion
Command injection
2021-10-12 10:15:00
nvd
nvd
CVE-2021-33731
2021-10-12 10:15:12
nessus
nessus
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
2022-07-05 00:00:00
ics
ics
Siemens SINEC NMS
2021-10-14 12:00:00