CWE
22
Advisory Published
Updated

CVE-2024-41938: Path Traversal

First published: Tue Aug 13 2024(Updated: )

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens SINEC NMS SP1 Update 1<3.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2024-41938?

    CVE-2024-41938 is considered a critical vulnerability due to its potential for remote file deletion by authenticated attackers.

  • How do I fix CVE-2024-41938?

    To fix CVE-2024-41938, upgrade SINEC NMS to version 3.0 or later to eliminate the path traversal vulnerability.

  • What kind of attack is possible with CVE-2024-41938?

    CVE-2024-41938 allows authenticated attackers to perform a path traversal attack, enabling them to delete arbitrary certificate files.

  • Which versions of SINEC NMS are affected by CVE-2024-41938?

    All versions of SINEC NMS prior to version 3.0 are affected by CVE-2024-41938.

  • Can unauthenticated users exploit CVE-2024-41938?

    No, CVE-2024-41938 can only be exploited by authenticated users of the SINEC NMS Control web application.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203