Threat Encyclopedia

Siemens.SINEC.NMS.CVE-2021-33731.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection Vulnerability in Siemens SINEC NMS.
The vulnerability is due to an input validation error when processing user input in SQL queries. A remote authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation could result, in the worst case, in arbitrary code execution.

affected-products-logoAffected Products

Siemens SINEC NMS prior to o V1.0 SP2 Update 1

Impact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Telemetry

CVE References

CVE-2021-33731

Other References

ICSA-21-287-05