CVE-2024-31978

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Apr 9, 2024

CWE ID 22

Summary

CVE-2024-31978 is a newly identified vulnerability affecting SINEC NMS versions below V2.0 SP2. This issue grants authenticated users the ability to export monitoring data via a susceptible API endpoint. The endpoint is vulnerable to path traversal attacks, enabling attackers to download files from the system. In specific situations, the files are deleted upon download, posing a potential security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens SINEC Network Management System (NMS)

Affected Vendors

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vSN0-m
https://www.cve.org/CVERecord?id=CVE-2024-31978
https://nvd.nist.gov/vuln/detail/CVE-2024-31978

Back to Vulnerability Database