Vulnerabilities in the Siemens network management system
Team82 discovers 15 vulnerabilities in Siemens' network management system (SINEC NMS). Vulnerabilities allow denial of service attacks, credential harvesting, and remote code execution. The security researchers from Team82, the research department of the specialist for the security of cyber-physical systems (CPS) in industry, healthcare facilities and companies Claroty, have discovered a total of 15 vulnerabilities in the Siemens network management system (SINEC NMS). For example, CVE-2021-33723 allows attackers to escalate their privileges and CVE-2021-33722 allows remote code execution using a path traversal attack. All versions prior to V1.0 SP2 Update 1 are affected. Siemens advises users to upgrade to V1.0 SP2 Update 1 or a…