A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

Уязвимость метода unZipJarFilestoLocation системы сетевого управления для мониторинга промышленными сетями Siemens SINEC NMS, позволяющая нарушителю получить несанкционированный доступ на запись файлов и выполнить произвольный код