CVE-2021-33723
MEDIUMSINEC NMS <V1.0 SP2 Update 1 - Privilege Escalation
Title source: llmDescription
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
44.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-285
Status
published
Products (2)
siemens/sinec_nms
1.0 (3 CPE variants)
siemens/sinec_nms
< 1.0
Published
Oct 12, 2021
Tracked Since
Feb 18, 2026