CNNVD-202507-925 Information
CNNVD ID
CNNVD-202507-925
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Siemens SINEC NMS是德国西门子(Siemens)公司的 一个网络管理系统 (NMS),该系统可用于全天候集中监控、管理和配置具有数万台设备的工业网络,包括与安全相关的领域。 Siemens SINEC NMS V4.0之前版本存在路径遍历漏洞,该漏洞源于未正确验证ZIP文件路径,可能导致任意文件写入。
Description (English)
Siemens SINEEC NMS is a network management system (NMS) of Siemens, a German company that can be used to centrally monitor, manage and configure industrial networks with tens of thousands of equipment around the clock, including in security-related areas. The previous version of Siemens SINAC NMS V4.0 had a loophole in its path, which stemmed from an incorrect validation of the ZIP file path, which could lead to any document being written.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
西门子
Published
2025-07-08
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-078892.html https://nvd.nist.gov/vuln/detail/CVE-2025-40738