CNNVD-202510-2042 Information
CNNVD ID
CNNVD-202510-2042
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
Siemens SINEC NMS是德国西门子(Siemens)公司的 一个网络管理系统 (NMS),该系统可用于全天候集中监控、管理和配置具有数万台设备的工业网络,包括与安全相关的领域。 Siemens SINEC NMS V4.0 SP1之前版本存在SQL注入漏洞,该漏洞源于getTotalAndFilterCounts端点存在SQL注入,可能导致数据插入和权限提升。
Description (English)
Siemens SINEEC NMS is a network management system (NMS) of Siemens, a German company that can be used to centrally monitor, manage and configure industrial networks with tens of thousands of equipment around the clock, including in security-related areas. The previous version of Siemens SINEC NMS V4.0 SP1 had an SQL injection loophole, which originated from the presence of SQL injections at the GetTotal AndFilterCounts endpoint, which could lead to data insertion and rights enhancement.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
西门子
Published
2025-10-14
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-318832.html