Sinec Nms
CVEs (54)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23812 | 0.00 | — | 0.01 | Feb 13, 2024 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | |||
| CVE-2024-23811 | 0.00 | — | 0.00 | Feb 13, 2024 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code… | |||
| CVE-2024-23810 | 0.00 | — | 0.01 | Feb 13, 2024 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||
| CVE-2023-46285 | 0.00 | — | 0.01 | Dec 12, 2023 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),… | |||
| CVE-2023-46284 | 0.00 | — | 0.01 | Dec 12, 2023 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),… | |||
| CVE-2023-46283 | 0.00 | — | 0.01 | Dec 12, 2023 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),… | |||
| CVE-2023-46282 | 0.00 | — | 0.00 | Dec 12, 2023 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),… | |||
| CVE-2023-46281 | 0.00 | — | 0.01 | Dec 12, 2023 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),… | |||
| CVE-2023-44315 | 0.00 | — | 0.00 | Oct 10, 2023 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS)… | |||
| CVE-2022-30527 | 0.00 | — | 0.00 | Oct 10, 2023 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and… | |||
| CVE-2022-30694 | 0.00 | — | 0.00 | Nov 8, 2022 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | |||
| CVE-2022-24282 | 0.00 | — | 0.01 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of… | |||
| CVE-2022-24281 | 0.00 | — | 0.03 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected… | |||
| CVE-2022-25311 | 0.00 | — | 0.01 | Mar 8, 2022 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended… | |||
| CVE-2021-33736 | 0.00 | — | 0.01 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||
| CVE-2021-33734 | 0.00 | — | 0.28 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||
| CVE-2021-33735 | 0.00 | — | 0.01 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||
| CVE-2021-33733 | 0.00 | — | 0.15 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||
| CVE-2021-33732 | 0.00 | — | 0.28 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||
| CVE-2021-33731 | 0.00 | — | 0.47 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. |
- CVE-2024-23812Feb 13, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.
- CVE-2024-23811Feb 13, 2024risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code…
- CVE-2024-23810Feb 13, 2024risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
- CVE-2023-46285Dec 12, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…
- CVE-2023-46284Dec 12, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…
- CVE-2023-46283Dec 12, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…
- CVE-2023-46282Dec 12, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…
- CVE-2023-46281Dec 12, 2023risk 0.00cvss —epss 0.01
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…
- CVE-2023-44315Oct 10, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS)…
- CVE-2022-30527Oct 10, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and…
- CVE-2022-30694Nov 8, 2022risk 0.00cvss —epss 0.00
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
- CVE-2022-24282Mar 8, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of…
- CVE-2022-24281Mar 8, 2022risk 0.00cvss —epss 0.03
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected…
- CVE-2022-25311Mar 8, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended…
- CVE-2021-33736Oct 12, 2021risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- CVE-2021-33734Oct 12, 2021risk 0.00cvss —epss 0.28
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- CVE-2021-33735Oct 12, 2021risk 0.00cvss —epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- CVE-2021-33733Oct 12, 2021risk 0.00cvss —epss 0.15
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- CVE-2021-33732Oct 12, 2021risk 0.00cvss —epss 0.28
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- CVE-2021-33731Oct 12, 2021risk 0.00cvss —epss 0.47
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Page 2 of 3