CVE-2022-25311

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

Published: Mar 8, 2022
Updated: May 4, 2025
CVE: CVE-2022-25311
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
siemens / sinec_network_management_system	-	1.0.3
siemens / sinema_server	14.0	14.0.x

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf

Vulnerability Database

289,599

CVE-2022-25311