CVE-2021-33726

Published: Oct 12, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

Affected (4)

Products: Siemens: Sinec Nms

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Nms	Before 1.0
Siemens Sinec Nms	Version 1.0
Siemens Sinec Nms	Version 1.0 sp1
Siemens Sinec Nms	Version 1.0 sp2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.