Siemens SINEMA Server < 13 SP2 Unquoted Service Path Local Privilege Escalation (SSA-701708)
Medium Nessus Plugin ID 95714
SynopsisAn application installed on the remote host is affected by a local privilege escalation vulnerability.
DescriptionThe version of Siemens SINEMA Server installed on the remote Windows host is prior to version 13 SP2. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted service path. A local attacker can exploit this, via a malicious executable in the root path, to elevate privileges.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Siemens SINEMA Server version 13 SP2 or later.