← Back to home
SIEMENS-SSA-156833  ·  Published 2021-02-09  ·  View on Siemens ProductCERT ↗

SSA-156833 V1.0: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS

CVSS N/A MEDIUM

Risk Summary

<p>There exists a directory traversal vulnerability which allows arbitrary file upload to an affected system. This type of vulnerability is also known as ‘Zip-Slip’. An authenticated attacker could exploit this vulnerability to gain arbitrary code execution by uploading a new or modifying an existing file to an affected system.</p> <p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-156833 V1.0: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more