CVE-2024-41939

EUVD-2024-39285
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
siemensCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
siemenssinec_nms
𝑥
< 3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-784301.html