Headline
CVE-2021-33723
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
%PDF-1.5 %���� 1 0 obj << /D [2 0 R /XYZ 70.866 771.024 null] >> endobj 3 0 obj << /D [2 0 R /XYZ 70.866 646.963 null] >> endobj 4 0 obj << /D [2 0 R /XYZ 70.866 586.883 null] >> endobj 5 0 obj << /D [2 0 R /XYZ 70.866 462.011 null] >> endobj 6 0 obj << /D [2 0 R /XYZ 70.866 390.973 null] >> endobj 7 0 obj << /D [8 0 R /XYZ 85.039 223.66 null] >> endobj 9 0 obj << /D [10 0 R /XYZ 70.866 642.463 null] >> endobj 11 0 obj << /S /GoTo /D [2 0 R /Fit] >> endobj 2 0 obj << /Contents 12 0 R /Type /Page /Resources 13 0 R /Parent 14 0 R /Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R] /MediaBox [0 0 595.276 841.89] >> endobj 15 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109802731/) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 487.411 518.276 498.828] >> endobj 17 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [164.798 298.9 487.754 310.437] >> endobj 18 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [406.699 269.132 525.406 280.549] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [131.954 122.965 248.203 134.502] >> endobj 21 0 obj << /A << /S /URI /Type /Action /URI (https://cwe.mitre.org/) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 721.983 163.926 733.519] >> endobj 13 0 obj << /ProcSet [/PDF /Text] /Font << /F52 22 0 R /F49 23 0 R >> >> endobj 12 0 obj << /Filter /FlateDecode /Length 2944 >> stream xڵZKs�F��W��*�����Hr�YK֊��RvI�� ���o�
Related news
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution