Sign-up

ID

VAR-202412-3098


TITLE

Siemens SINEC NMS Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-48431

DESCRIPTION

SINEC NMS is a network management system (NMS) that can scale to handle network structures of all sizes in an increasingly digital world. The system can be used to centrally monitor, manage and configure industrial networks covering tens of thousands of devices around the clock, including safety-related areas. A buffer overflow vulnerability exists in Siemens SINEC NMS that can be exploited by an unauthenticated remote attacker to execute arbitrary code.

Trust: 0.6

sources: CNVD: CNVD-2024-48431

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-48431

AFFECTED PRODUCTS

vendor:siemensmodel:sinec nms(umcscope:ltversion:v2.15)

Trust: 0.6

sources: CNVD: CNVD-2024-48431

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2024-48431
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-48431
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-48431

PATCH

title:Patch for Siemens SINEC NMS Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/643001

Trust: 0.6

sources: CNVD: CNVD-2024-48431

EXTERNAL IDS

db:CNVDid:CNVD-2024-48431

Trust: 0.6

sources: CNVD: CNVD-2024-48431

SOURCES

db:CNVDid:CNVD-2024-48431

LAST UPDATE DATE

2025-01-11T23:12:51.981000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-48431date:2024-12-17T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-48431date:2024-12-17T00:00:00