CVE-2021-33734
CVE-2021-33734
In short
A flaw in SINEC NMS allows a logged-in attacker with special privileges to run unauthorized commands on the system's database by sending specially crafted requests. This could lead to complete compromise of the database and the data it contains.
Technical detail
SQL injection vulnerability in SINEC NMS webserver allows authenticated privileged users to execute arbitrary database commands through crafted requests. The attack requires valid credentials with elevated permissions and impacts the confidentiality, integrity, and availability of the local database.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Affected products
Siemens · SINEC NMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →