{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47808", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-10-02T12:40:26.553Z", "datePublished": "2024-11-12T12:49:48.462Z", "dateUpdated": "2024-11-12T16:25:18.148Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-11-12T12:49:48.462Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0 SP1", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 8.4, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "sinec_nms", "cpes": ["cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "v3.0_sp1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T16:24:29.177504Z", "id": "CVE-2024-47808", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T16:25:18.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47808", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-12T16:24:29.177504Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "sinec_nms", "versions": [{"status": "affected", "version": "0", "lessThan": "v3.0_sp1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T16:25:13.481Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H"}}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0 SP1", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-11-12T12:49:48.462Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47808", "state": "PUBLISHED", "dateUpdated": "2024-11-12T16:25:18.148Z", "dateReserved": "2024-10-02T12:40:26.553Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-11-12T12:49:48.462Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE06B8AF-B36C-4743-A056-30712163F75B", "versionEndExcluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_nms:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "F9DFB8E7-F902-44FA-BA35-B11C4BA95336", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC NMS (todas las versiones &lt; V3.0 SP1). La aplicaci\u00f3n afectada contiene una funci\u00f3n de base de datos que no restringe adecuadamente los permisos de los usuarios para escribir en el sistema de archivos del sistema host. Esto podr\u00eda permitir que un atacante autenticado con privilegios medios escriba contenido arbitrario en cualquier ubicaci\u00f3n del sistema de archivos del sistema host."}], "id": "CVE-2024-47808", "lastModified": "2024-11-13T23:14:07.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.8, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "HIGH"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-11-12T13:15:10.677", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{}

{}