CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. (ZDI-CAN-19823)

Published: Oct 10, 2023
Updated: May 10, 2024
CVE: CVE-2023-35796
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
siemens / sinema_server	14.0	14.0.x

https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf

Vulnerability Database

289,599

CVE-2023-35796