CVE-2024-41940

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

History

14 Aug 2024, 18:10

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones &lt; V3.0). La aplicación afectada no valida correctamente la entrada del usuario en una cola de comandos privilegiada. Esto podría permitir que un atacante autenticado ejecute comandos del sistema operativo con privilegios elevados.
First Time Siemens
Siemens sinec Nms
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-784301.html - () https://cert-portal.siemens.com/productcert/html/ssa-784301.html - Vendor Advisory

13 Aug 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 08:15

Updated : 2024-08-14 18:10


NVD link : CVE-2024-41940

Mitre link : CVE-2024-41940

CVE.ORG link : CVE-2024-41940


JSON object : View

Products Affected

siemens

  • sinec_nms
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation