CVE-2022-30527

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
siemensCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
siemenssinec_nms
𝑥
< 2.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemenssinec-nms
𝑥
< 2.0
CNA
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-160243.html
https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf
https://cert-portal.siemens.com/productcert/html/ssa-160243.html
https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf