QID 591301

Date Published: 2023-01-24

QID 591301: Siemens SINEC NMS Arbitrary Code Execution Vulnerability (SSA-371761 V1.0.3)

A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as Spring4Shell or SpringShell.

SINEC NMS: All versions prior to V1.0.3

QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"

Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to execute arbitrary code on the system.

  • CVSS V3 rated as High - 6.6 severity.
  • CVSS V2 rated as Critical - 8.5 severity.
  • Solution

    Customers are advised to refer to CERT MITIGATIONS section SSA-371761 for affected packages and patching details.

    CVEs related to QID 591301

    Software Advisories
    Advisory ID Software Component Link
    SSA-371761 URL Logo cert-portal.siemens.com/productcert/html/ssa-371761.html