CVE-2022-25311 vulnerability in Siemens Products
Published on March 8, 2022
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2022-25311
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-25311 are published in these products:
Affected Versions
Siemens SINEC NMS:- Version All versions >= V1.0.3 < V2.0 is affected.
- Version All versions < V1.0.3 is affected.
- Version All versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.