Privilege Escalation Vulnerability in Siemens SINEC NMS and SINEMA Server
CVE-2022-25311

7.3HIGH

Key Information:

Vendor: Siemens
Status: Sinec Nms; Sinema Server V14
Vendor: CVE Published:; 8 March 2022

Summary

A privilege escalation vulnerability exists in SINEC NMS and SINEMA Server due to improper checks between user privileges during web sessions. Authenticated low-privileged users could exploit this flaw to gain higher privileges within the application, potentially leading to unauthorized actions and access to sensitive data.

Affected Version(s)

SINEC NMS All versions >= V1.0.3 < V2.0

SINEC NMS All versions < V1.0.3

SINEMA Server V14 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25008...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Feb 17, 2022