ID

VAR-202102-0295


CVE

CVE-2020-25237


TITLE

SINEC NMS  and  SINEMA Server  Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-016032

DESCRIPTION

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054). SINEC NMS and SINEMA Server Contains a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12054 Was numbered.Information is tampered with and denial of service (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability.The specific flaw exists within the FirmwareFileUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens SINE CNMS is a new generation of network management system enterprise account for digital libraries. This system can be used to centrally monitor, manage and configure the network. Siemens SINEMA Server is a network monitoring and management software designed by Siemens for industrial Ethernet. There is a security vulnerability in SINEC NMS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time

Trust: 2.97

sources: NVD: CVE-2020-25237 // JVNDB: JVNDB-2020-016032 // ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // VULHUB: VHN-179195 // VULMON: CVE-2020-25237

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-11835

AFFECTED PRODUCTS

vendor:siemensmodel:sinec network management systemscope:ltversion:1.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:ltversion:14.0

Trust: 1.0

vendor:siemensmodel:sinec network management systemscope:eqversion:1.0

Trust: 1.0

vendor:シーメンスmodel:sinec nmsscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinema サーバscope: - version: -

Trust: 0.8

vendor:siemensmodel:sinec nmsscope: - version: -

Trust: 0.7

vendor:siemensmodel:sinec nms sp1 updatescope:ltversion:v1.01

Trust: 0.6

vendor:siemensmodel:sinema server sp2 updatescope:ltversion:v14.02

Trust: 0.6

sources: ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // JVNDB: JVNDB-2020-016032 // NVD: CVE-2020-25237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25237
value: HIGH

Trust: 1.0

NVD: CVE-2020-25237
value: HIGH

Trust: 0.8

ZDI: CVE-2020-25237
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-11835
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202102-840
value: HIGH

Trust: 0.6

VULHUB: VHN-179195
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-25237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25237
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-11835
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-179195
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-25237
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-25237
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-25237
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // VULHUB: VHN-179195 // VULMON: CVE-2020-25237 // JVNDB: JVNDB-2020-016032 // CNNVD: CNNVD-202102-840 // NVD: CVE-2020-25237

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-179195 // JVNDB: JVNDB-2020-016032 // NVD: CVE-2020-25237

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-840

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202102-840

PATCH

title:SSA-156833url:https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf

Trust: 0.8

title: - url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf

Trust: 0.7

title:Patch for Siemens SINEMA Server and SINE CNMS catalog traversal vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/248771

Trust: 0.6

title:SINEC NMS Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141262

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=bee3f161c685335c061e9d57ac79a176

Trust: 0.1

sources: ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // VULMON: CVE-2020-25237 // JVNDB: JVNDB-2020-016032 // CNNVD: CNNVD-202102-840

EXTERNAL IDS

db:NVDid:CVE-2020-25237

Trust: 3.9

db:ZDIid:ZDI-21-253

Trust: 3.3

db:ICS CERTid:ICSA-21-040-03

Trust: 2.6

db:SIEMENSid:SSA-156833

Trust: 2.4

db:JVNid:JVNVU91083521

Trust: 0.8

db:JVNDBid:JVNDB-2020-016032

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12054

Trust: 0.7

db:CNVDid:CNVD-2021-11835

Trust: 0.6

db:AUSCERTid:ESB-2021.0474

Trust: 0.6

db:CNNVDid:CNNVD-202102-840

Trust: 0.6

db:VULHUBid:VHN-179195

Trust: 0.1

db:VULMONid:CVE-2020-25237

Trust: 0.1

sources: ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // VULHUB: VHN-179195 // VULMON: CVE-2020-25237 // JVNDB: JVNDB-2020-016032 // CNNVD: CNNVD-202102-840 // NVD: CVE-2020-25237

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-253/

Trust: 3.3

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03

Trust: 3.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf

Trust: 2.4

url:http://jvn.jp/vu/jvnvu91083521

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-25237

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2021.0474

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-156833.txt

Trust: 0.1

sources: ZDI: ZDI-21-253 // CNVD: CNVD-2021-11835 // VULHUB: VHN-179195 // VULMON: CVE-2020-25237 // JVNDB: JVNDB-2020-016032 // CNNVD: CNNVD-202102-840 // NVD: CVE-2020-25237

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-253

SOURCES

db:ZDIid:ZDI-21-253
db:CNVDid:CNVD-2021-11835
db:VULHUBid:VHN-179195
db:VULMONid:CVE-2020-25237
db:JVNDBid:JVNDB-2020-016032
db:CNNVDid:CNNVD-202102-840
db:NVDid:CVE-2020-25237

LAST UPDATE DATE

2024-08-14T13:13:07.721000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-253date:2021-02-25T00:00:00
db:CNVDid:CNVD-2021-11835date:2021-04-12T00:00:00
db:VULHUBid:VHN-179195date:2021-03-10T00:00:00
db:VULMONid:CVE-2020-25237date:2021-03-10T00:00:00
db:JVNDBid:JVNDB-2020-016032date:2021-11-01T09:04:00
db:CNNVDid:CNNVD-202102-840date:2021-03-01T00:00:00
db:NVDid:CVE-2020-25237date:2021-03-10T12:52:29.993

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-253date:2021-02-25T00:00:00
db:CNVDid:CNVD-2021-11835date:2021-02-22T00:00:00
db:VULHUBid:VHN-179195date:2021-02-09T00:00:00
db:VULMONid:CVE-2020-25237date:2021-02-09T00:00:00
db:JVNDBid:JVNDB-2020-016032date:2021-11-01T00:00:00
db:CNNVDid:CNNVD-202102-840date:2021-02-09T00:00:00
db:NVDid:CVE-2020-25237date:2021-02-09T17:15:13.517