CVE-2022-24281 vulnerability in Siemens Products
Published on March 8, 2022
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2022-24281 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2022-24281
stack.watch emails you whenever new vulnerabilities are published in Siemens Sinec Network Management Syste or Siemens Sinec Network Management System. Just hit a watch button to start following.
Affected Versions
Siemens SINEC NMS:- Version All versions < V1.0.3 is affected.
- Version All versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.