Description
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Scores
CVSS v3
7.2
EPSS
0.0508
EPSS Percentile
89.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
siemens/sinec_network_management_system
1.0 (2 CPE variants)
siemens/sinec_network_management_system
< 1.0
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026