Vulnerability Description
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinec Network Management System | < 1.0.3 |
| Siemens | Sinema Server | 14.0 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdfMitigationVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdfMitigationVendor Advisory
FAQ
What is CVE-2022-25311?
CVE-2022-25311 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privi...
How severe is CVE-2022-25311?
CVE-2022-25311 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25311?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinec Network Management System, Siemens Sinema Server.