CVE-2022-24282
First published: Tue Mar 08 2022(Updated: )
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Sinec Network Management System | >=1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-24282.
What is the severity of CVE-2022-24282?
The severity of CVE-2022-24282 is high with a CVSS score of 7.2.
Which software versions are affected by CVE-2022-24282?
All versions of SINEC NMS >= V1.0.3 < V2.0, SINEC NMS < V1.0.3, and SINEMA Server V14 are affected.
What is the CWE of CVE-2022-24282?
The CWE of CVE-2022-24282 is 502.
How can I fix CVE-2022-24282?
Apply the latest security patches or updates provided by Siemens to fix CVE-2022-24282.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/siemens
- canonical/siemens sinec network management system
- version/siemens sinec network management system/1.0.3