A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.

Уязвимость системы сетевого управления для мониторинга и управления промышленными сетями SINEC NMS, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю экспортировать данные мониторинга и загружать файлы из файловой системы