Stored Cross-Site Scripting Vulnerability in SINEMA Server by Siemens
CVE-2023-35796
8.3HIGH
Summary
A vulnerability exists in SINEMA Server V14, where certain SNMP configuration data fetched from monitored devices is not properly sanitized. This imperfection allows an attacker with access to those devices to carry out a stored cross-site scripting (XSS) attack. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary code with SYSTEM privileges on the application server, potentially resulting in severe security implications.
Affected Version(s)
SINEMA Server V14 All versions
References
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved