Lucene search

SiemensVULNRICHMENT:CVE-2023-35796

HistoryOct 10, 2023 - 10:21 a.m.

CVE-2023-35796

2023-10-1010:21:20

CWE-79

siemens

github.com

vulnerability

sinema server v14

stored xss

code execution

snmp configuration

arbitrary

zdi-can-19823

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. (ZDI-CAN-19823)

References

cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-35796