CVE-2022-25311
First published: Tue Mar 08 2022(Updated: )
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Sinec Network Management System | <1.0.3 | |
| Siemens SINEMA Server | =14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-25311.
What is the severity of CVE-2022-25311?
The severity of CVE-2022-25311 is high (7.3).
Which software versions are affected by CVE-2022-25311?
All versions of SINEC NMS >= V1.0.3 < V2.0 and all versions of SINEMA Server V14 are affected by CVE-2022-25311.
What is the impact of CVE-2022-25311?
CVE-2022-25311 allows unauthorized privilege escalation, potentially leading to unauthorized access and control of the affected software.
Is there a fix for CVE-2022-25311?
The vendor has provided a fix for CVE-2022-25311. Please refer to the vendor's advisory for more information.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens sinec network management system
- canonical/siemens sinema server
- version/siemens sinema server/14.0