← back
CVE-2020-25237

CVE-2020-25237

EPSS 20.6%CWE-22
In short

A file upload vulnerability in SINEC NMS and SINEMA Server allows attackers to create or overwrite arbitrary files by uploading specially crafted zip files with malicious paths. This happens because the system doesn't properly validate that extracted files stay within the intended directory.

Technical detail

Path traversal vulnerability (Zip-Slip) in zip file extraction routines affecting SINEC NMS <V1.0 SP1 Update 1 and SINEMA Server <V14.0 SP2 Update 2. An attacker with file upload capability can exploit insufficient path validation to escape the target directory and write files to arbitrary system locations, potentially achieving code execution or system compromise.

Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054)
Affected products
Siemens · SINEC NMSSiemens · SINEMA Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdfhttps://us-cert.cisa.gov/ics/advisories/icsa-21-040-03https://www.zerodayinitiative.com/advisories/ZDI-21-253/