CVE-2021-37200

EPSS 39.8% · CWE-22

In short

A flaw in SINEC NMS allows someone with access to the web server to download any file from the system by sending a specially crafted request. This exposes sensitive files that should not be accessible.

Technical detail

Path traversal vulnerability (CWE-22) in SINEC NMS webserver allows authenticated or local attackers to retrieve arbitrary files from the underlying filesystem through malformed HTTP requests. Exploitation requires network access to the affected webserver and could lead to disclosure of sensitive configuration files, credentials, or system data.

Summary generated and translated by AI from the official description.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

Affected products
Siemens · SINEC NMS
