CVE-2023-35796 is a vulnerability in Siemens Sinema Server
Published on October 10, 2023

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)


Vulnerability Analysis

CVE-2023-35796 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2023-35796 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2023-35796


What versions of Sinema Server are vulnerable to CVE-2023-35796?