CVE-2022-25311
HIGHSINEC NMS < 2.0 and SINEMA Server V14 - Authenticated Privilege Escalation via Session Privilege Check Bypass
Title source: llmDescription
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf
Scores
CVSS v3
7.3
EPSS
0.0014
EPSS Percentile
33.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
siemens/sinec_network_management_system
< 1.0.3
siemens/sinema_server
14.0
Published
Mar 08, 2022
Tracked Since
Feb 18, 2026