Vulnerabilities > CVE-2023-35796 - Unspecified vulnerability in Siemens Sinema Server 14.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

critical

NVD

Published: 2023-10-10

Updated: 2024-11-21

Summary

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinema Server 14.0	1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf