Stored Cross-Site Scripting Vulnerability in SINEMA Server by Siemens
CVE-2023-35796

8.3HIGH

Key Information:

Vendor
Siemens
Vendor
CVE Published:
10 October 2023

Summary

A vulnerability exists in SINEMA Server V14, where certain SNMP configuration data fetched from monitored devices is not properly sanitized. This imperfection allows an attacker with access to those devices to carry out a stored cross-site scripting (XSS) attack. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary code with SYSTEM privileges on the application server, potentially resulting in severe security implications.

Affected Version(s)

SINEMA Server V14 All versions

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.