CVE-2024-23811

Published: Feb 13, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Affected (2)

Products: Siemens: Sinec Nms

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Nms	Before 2.0
Siemens Sinec Nms	Version 2.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-943925.html

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-943925.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.