CVE-2022-24282

7.2HIGH

Key Information:

Vendor: Siemens
Status: Sinec Nms; Sinema Server V14
Vendor: CVE Published:; 8 March 2022

Summary

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.

Affected Version(s)

SINEC NMS All versions >= V1.0.3 < V2.0

SINEC NMS All versions < V1.0.3

SINEMA Server V14 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25008...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Jan 31, 2022