all InfoSec news
SSA-594373 V1.0: Cross-Site-Scripting (XSS) Vulnerability in SINEMA Server V14
Siemens ProductCERT Security Advisories cert-portal.siemens.com
SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM
privileges on the application server.
Siemens recommends to migrate to its successor product SINEC NMS V2.0 or later. Siemens recommends to apply specific countermeasures for products where updates are not, or not yet available.
access application arbitrary code attack attacker code code execution configuration cross-site data device devices may privileges product scripting server siemens snmp ssa system system privileges vulnerability xss