Filtered by vendor Siemens
Subscribe
Total
1886 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 8.8 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | |||||
CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 3.8 LOW |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | |||||
CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 5.4 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | |||||
CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | |||||
CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. |