Vulnerabilities > Siemens > Sinec Network Management System

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
 9.8
9.8
2022-03-08 CVE-2022-24281 SQL Injection vulnerability in Siemens Sinec Network Management System 1.0.3
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions).
network
low complexity
siemens CWE-89
7.2
7.2
2022-03-08 CVE-2022-24282 Deserialization of Untrusted Data vulnerability in Siemens Sinec Network Management System 1.0.3
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions).
network
low complexity
siemens CWE-502
7.2
7.2
2022-03-08 CVE-2022-25311 Improper Privilege Management vulnerability in Siemens Sinec Network Management System and Sinema Server
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions).
local
low complexity
siemens CWE-269
7.3
7.3
2021-09-14 CVE-2021-37200 Path Traversal vulnerability in Siemens Sinec Network Management System 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1).
network
low complexity
siemens CWE-22
4.0
4.0
2021-09-14 CVE-2021-37201 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Sinec Network Management System 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1).
network
siemens CWE-352
6.8
6.8
2021-08-10 CVE-2021-33721 OS Command Injection vulnerability in Siemens Sinec Network Management System 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2).
network
low complexity
siemens CWE-78
critical
 9.0
9.0
2021-02-09 CVE-2020-25237 Path Traversal vulnerability in Siemens Sinec Network Management System and Sinema Server
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2).
network
low complexity
siemens CWE-22
5.5
5.5
2020-06-10 CVE-2020-7580 Unquoted Search Path or Element vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14).
local
low complexity
siemens CWE-428
6.7
6.7