CVE-2021-33730
CVE-2021-33730
In short
A flaw in SINEC NMS allows an attacker with admin access to run unauthorized commands on the database through specially crafted web requests. This could lead to complete compromise of the system and data theft.
Technical detail
SQL injection vulnerability in SINEC NMS webserver allows authenticated privileged users to execute arbitrary SQL commands against the local database. Attack vector requires valid credentials and crafted HTTP requests; impact includes unauthorized data access and potential system compromise.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Affected products
Siemens · SINEC NMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →