Unauthenticated Remote Attacker Can Execute Arbitrary SQL Queries on Server Database
CVE-2024-23810

8.8HIGH

Key Information:

Vendor: Siemens
Status: Sinec Nms
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-23810?

A SQL injection vulnerability exists in SINEC NMS, allowing unauthenticated remote attackers to manipulate server database queries. The flaw affects all versions prior to V2.0 SP1, potentially compromising data integrity and exposing sensitive information. It is crucial for organizations using this software to apply available patches and updates promptly to mitigate associated risks.

Affected Version(s)

SINEC NMS 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9439...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 22, 2024

Siemens

What is CVE-2024-23810?

Affected Version(s)

References

CVSS V3.1

Timeline