A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Oct 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. | |
CWE | CWE-269 |
10 Jul 2023, 19:34
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:siemens:sinema_server:14.0:*:*:*:*:*:*:* | |
First Time |
Siemens sinema Server
|
14 Mar 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.3 |
Summary | A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. |
10 Feb 2023, 03:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
11 Oct 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. |
11 Mar 2022, 18:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
CWE | CWE-269 | |
First Time |
Siemens
Siemens sinec Network Management System |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf - Mitigation, Vendor Advisory |
08 Mar 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-08 12:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25311
Mitre link : CVE-2022-25311
CVE.ORG link : CVE-2022-25311
JSON object : View
Products Affected
siemens
- sinec_network_management_system
- sinema_server
CWE