Back to search
CVE-2021-33728
Published: Oct 12, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.
| Vendor | Product | Versions |
|---|---|---|
Siemens | SINEC NMS | affected All versions < V1.0 SP2 Update 1 |
Weaknesses (CWE)
References
https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now