A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command.
This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-430425.html | Patch Third Party Advisory |
Configurations
History
11 Oct 2024, 20:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens
Siemens sinec Security Monitor |
|
CPE | cpe:2.3:a:siemens:sinec_security_monitor:*:*:*:*:*:*:*:* | |
References | () https://cert-portal.siemens.com/productcert/html/ssa-430425.html - Patch, Third Party Advisory |
10 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-08 09:15
Updated : 2024-10-11 20:04
NVD link : CVE-2024-47553
Mitre link : CVE-2024-47553
CVE.ORG link : CVE-2024-47553
JSON object : View
Products Affected
siemens
- sinec_security_monitor
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')