CVE-2021-33732
CVE-2021-33732
In short
A flaw in SINEC NMS allows an authenticated user with high privileges to run unauthorized commands on the application's database by sending specially crafted requests. This could lead to unauthorized data access or system compromise.
Technical detail
SQL injection vulnerability in SINEC NMS webserver affecting versions < V1.0 SP2 Update 1. An authenticated attacker with elevated privileges can execute arbitrary database commands via malformed HTTP requests, potentially leading to data exfiltration, modification, or denial of service.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Affected products
Siemens · SINEC NMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →