Lucene search

[email protected]NVD:CVE-2021-33722

HistoryOct 12, 2021 - 10:15 a.m.

CVE-2021-33722

2021-10-1210:15:11

CWE-22

[email protected]

web.nvd.nist.gov

sinec nms

path traversal

firmware container

arbitrary files

privileged attacker

authenticated

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.9%

JSON

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.

Affected configurations

Nvd

Node

siemenssinec_nmsRange<1.0

siemenssinec_nmsMatch1.0-

siemenssinec_nmsMatch1.0sp1

siemenssinec_nmsMatch1.0sp2

VendorProductVersionCPE
siemenssinec_nms*cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
siemenssinec_nms1.0cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*
siemenssinec_nms1.0cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*
siemenssinec_nms1.0cpe:2.3:a:siemens:sinec_nms:1.0:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinec_nms	*	cpe:2.3:a:siemens:sinec_nms::::::::
siemens	sinec_nms	1.0	cpe:2.3:a:siemens:sinec_nms:1.0:-::::::
siemens	sinec_nms	1.0	cpe:2.3:a:siemens:sinec_nms:1.0:sp1::::::
siemens	sinec_nms	1.0	cpe:2.3:a:siemens:sinec_nms:1.0:sp2::::::