A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command.
This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.
This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Siemens
Siemens sinec Security Monitor |
|
CPEs | cpe:2.3:a:siemens:sinec_security_monitor:*:*:*:*:*:*:*:* | |
Vendors & Products |
Siemens
Siemens sinec Security Monitor |
|
Metrics |
ssvc
|
Tue, 08 Oct 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. | |
Weaknesses | CWE-77 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: siemens
Published:
Updated: 2024-10-08T16:36:39.580Z
Reserved: 2024-09-27T10:43:07.505Z
Link: CVE-2024-47562

Updated: 2024-10-08T16:36:34.083Z

Status : Analyzed
Published: 2024-10-08T09:15:18.110
Modified: 2024-10-11T20:04:35.480
Link: CVE-2024-47562

No data.

No data.