CVE-2024-47553

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.
References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-430425.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinec_security_monitor:*:*:*:*:*:*:*:*

History

11 Oct 2024, 20:04

Type Values Removed Values Added
First Time Siemens
Siemens sinec Security Monitor
CPE cpe:2.3:a:siemens:sinec_security_monitor:*:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-430425.html - () https://cert-portal.siemens.com/productcert/html/ssa-430425.html - Patch, Third Party Advisory

10 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en Siemens SINEC Security Monitor (todas las versiones anteriores a la V4.9.0). La aplicación afectada no valida correctamente la entrada del usuario en el comando ```ssmctl-client```. Esto podría permitir que un atacante remoto autenticado y con pocos privilegios ejecute código arbitrario con privilegios de root en el sistema operativo subyacente.

08 Oct 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-08 09:15

Updated : 2024-10-11 20:04


NVD link : CVE-2024-47553

Mitre link : CVE-2024-47553

CVE.ORG link : CVE-2024-47553


JSON object : View

Products Affected

siemens

  • sinec_security_monitor
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')