First published: Tue Sep 14 2021(Updated: )
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sinec Network Management System | <1.0 | |
Siemens Sinec Network Management System | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-37200.
The affected software is Siemens Sinec Network Management System (All versions < V1.0 SP1).
The severity of CVE-2021-37200 is high with a CVSS score of 7.7.
An attacker with access to the webserver of an affected system can download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
Yes, upgrading to version V1.0 SP1 of Siemens Sinec Network Management System resolves the vulnerability.