CVE-2021-33731

EPSS 46.6% · CWE-89
In short

A privileged user with access to SINEC NMS can send specially crafted requests to the web server to run unauthorized commands in the local database. This allows a malicious insider to compromise the database's integrity and potentially steal or modify critical network management data.

Technical detail

A SQL injection vulnerability in the SINEC NMS web server allows authenticated users with elevated privileges to execute arbitrary SQL commands against the local database. The attack requires valid authentication credentials and crafted HTTP requests; successful exploitation results in unauthorized database access and potential data exfiltration or modification.

Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Affected products
Siemens · SINEC NMS
