Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities

critical Nessus Plugin ID 162727

Synopsis

Siemens SINEC NMS Server installed on the remote host is affected by a privilege escalation vulnerability.

Description

The version of Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities, including the following:

- A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows the upload of JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. (CVE-2021-33728)

- A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. (CVE-2021-33729)

- A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an arbitrary file deletion vulnerability that possibly allows deletion of an arbitrary file or directory under a user-controlled path. (CVE-2021-33724)

- A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. (CVE-2021-33736)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Siemens SINEC NMS Server version 11 Update 3 or later.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

http://www.nessus.org/u?e898f4ea

Plugin Details

Severity: Critical

ID: 162727

File Name: siemens_sinec_nms_1_0_2_1.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 7/5/2022

Updated: 3/23/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-33728

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-33725

Vulnerability Information

CPE: cpe:/a:siemens:sinec_nms

Required KB Items: installed_sw/SINEC NMS

Exploit Ease: No known exploits are available

Patch Publication Date: 10/12/2021

Vulnerability Publication Date: 7/1/2022

Reference Information

CVE: CVE-2021-33722, CVE-2021-33723, CVE-2021-33724, CVE-2021-33725, CVE-2021-33726, CVE-2021-33727, CVE-2021-33728, CVE-2021-33729, CVE-2021-33730, CVE-2021-33731, CVE-2021-33732, CVE-2021-33733, CVE-2021-33734, CVE-2021-33735, CVE-2021-33736