Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Total 1886 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41940 1 Siemens 1 Sinec Nms 2024-08-14 N/A 9.1 CRITICAL
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
CVE-2024-41939 1 Siemens 1 Sinec Nms 2024-08-14 N/A 8.8 HIGH
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
CVE-2024-41938 1 Siemens 1 Sinec Nms 2024-08-14 N/A 3.8 LOW
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.
CVE-2024-41907 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 5.4 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.
CVE-2024-41906 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 6.5 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
CVE-2024-41905 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 6.5 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information.