CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.8%

CVSS Severity

CVSS v3 Score 8.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf

Products affected by CVE-2023-35796

Siemens » Sinema Server » Version: 14.0

cpe:2.3:a:siemens:sinema_server:14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-35796

Products

Pricing

Contact Us