1.0.3

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

siemens

NVD

Published: 2023-10-10

Updated: 2024-11-21

Summary

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinec NMS 1.0 Siemens Sinec NMS 1.0.3	5

References

https://cert-portal.siemens.com/productcert/html/ssa-160243.html
https://cert-portal.siemens.com/productcert/html/ssa-160243.html
https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf