Lucene search

SiemensCVELIST:CVE-2023-44315

HistoryOct 10, 2023 - 10:21 a.m.

CVE-2023-44315

2023-10-1010:21:41

CWE-79

siemens

www.cve.org

vulnerability

sinec nms

cross-site scripting

snmp

application data

monitored devices

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

EPSS

0.001

Percentile

18.6%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEC NMS",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-160243.html

cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

EPSS

0.001

Percentile

18.6%

JSON

Related for CVELIST:CVE-2023-44315