CVE-2021-33721
Summary
| CVE | CVE-2021-33721 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-10 11:15:00 UTC |
| Updated | 2021-08-17 21:05:00 UTC |
| Description | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siemens | Sinec Network Management System | All | All | All | All |
| Application | Siemens | Sinec Network Management System | 1.0 | - | All | All |
| Application | Siemens | Sinec Network Management System | 1.0 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf | MISC | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.