SIEMENS-SSA-594373  ·  Published 2023-10-10

SSA-594373 V1.0: Cross-Site-Scripting (XSS) Vulnerability in SINEMA Server V14

CVSS N/A MEDIUM

Risk Summary

SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server.

Siemens recommends migrating to its successor product, SINEC NMS V2.0 or later. Siemens recommends applying specific countermeasures for products where updates are not, or not yet, available.

Remediations

  • Refer to the Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-594373 V1.0: Cross-Site-Scripting (XSS) Vulnerability in SINEMA Server V14
