CVE-2023-35796

Опубликовано: 10 окт. 2023

Источник: nvd

CVSS3: 8.3

CVSS3: 9

EPSS Низкий

Описание

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. (ZDI-CAN-19823)

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:sinema_server:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00229

Низкий

8.3 High

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8w38-353q-pxjf

CVSS3: 8.3

github

больше 2 лет назад

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)

BDU:2023-08150

CVSS3: 8.3

fstec

больше 2 лет назад

Уязвимость программного обеспечения управления и конфигурирования сети Siemens SINEMA Server, позволяющая нарушителю выполнить произвольный код с привилегиями SYSTEM

EPSS

Процентиль: 45%

0.00229

Низкий

8.3 High

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79