A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-943925.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Oct 2024, 16:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/html/ssa-943925.html - Vendor Advisory | |
First Time |
Siemens sinec Nms
Siemens |
|
CPE | cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_nms:2.0:-:*:*:*:*:*:* |
13 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Feb 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 09:15
Updated : 2024-10-04 16:46
NVD link : CVE-2024-23811
Mitre link : CVE-2024-23811
CVE.ORG link : CVE-2024-23811
JSON object : View
Products Affected
siemens
- sinec_nms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type