Unauthenticated Remote Attacker Can Execute Arbitrary SQL Queries on Server Database
CVE-2024-23810

9.8 CRITICAL

Key Information:

Vendor: Siemens
Status: Vendor
CVE Published: 13 February 2024

Summary

A SQL injection vulnerability exists in SINEC NMS, allowing unauthenticated remote attackers to manipulate server database queries. The flaw affects all versions prior to V2.0 SP1, potentially compromising data integrity and exposing sensitive information. It is crucial for organizations using this software to apply available patches and updates promptly to mitigate associated risks.

Affected Version(s)

SINEC NMS 0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
