Unauthorized Access to Modify Application Settings in SINEC NMS
CVE-2024-41941

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Nms
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-41941?

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.

Affected Version(s)

SINEC NMS 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7843...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 24, 2024

Siemens

What is CVE-2024-41941?

Affected Version(s)

References

CVSS V3.1

Timeline