CVE-2022-25311

Published: Mar 8, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD (Secondary)

Description

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

Affected (2)

Products: Siemens: Sinec Network Management System, Sinema Server

2 products

Sinec Network Management System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Network Management System	Before 1.0.3
Siemens Sinema Server	Version 14.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.