CVE-2022-25311

7.3HIGH

Key Information:

Vendor: Siemens
Status: Sinec Nms; Sinema Server V14
Vendor: CVE Published:; 8 March 2022

Summary

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

Affected Version(s)

SINEC NMS All versions >= V1.0.3 < V2.0

SINEC NMS All versions < V1.0.3

SINEMA Server V14 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25008...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Feb 17, 2022