CVE-2022-25311 vulnerability in Siemens Products
Published on March 8, 2022
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2022-25311
stack.watch emails you whenever new vulnerabilities are published in Siemens Sinec Network Management System or Siemens Sinema Server. Just hit a watch button to start following.
Affected Versions
Siemens SINEC NMS:- Version All versions >= V1.0.3 < V2.0 is affected.
- Version All versions < V1.0.3 is affected.
- Version All versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.