cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47565,https://securityvulnerability.io/vulnerability/CVE-2024-47565,Siemens SINEC Security Monitor Vulnerability: Authentication Bypass Risk,"A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application.",Siemens,Siemens Sinec Security Monitor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-08T08:40:54.092Z,0
CVE-2024-47563,https://securityvulnerability.io/vulnerability/CVE-2024-47563,Invalid File Path Validation in SINEC Security Monitor Could Lead to File Compromise,"A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.",Siemens,Siemens Sinec Security Monitor,5.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2024-10-08T08:40:52.852Z,0
CVE-2024-47562,https://securityvulnerability.io/vulnerability/CVE-2024-47562,SINEC Security Monitor Vulnerability Affects Authentication and Privilege Escalation,"A vulnerability has been detected in the Siemens SINEC Security Monitor, specifically affecting all versions prior to V4.9.0. This security issue arises due to inadequate neutralization of special elements in user input sent to the 'ssmctl-client' command. As a result, an authenticated local attacker with low privileges could exploit this weakness to execute privileged commands within the underlying operating system. This poses potential risks to system integrity and data security.",Siemens,Siemens Sinec Security Monitor,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T08:40:51.614Z,0
CVE-2024-47553,https://securityvulnerability.io/vulnerability/CVE-2024-47553,SINEC Security Monitor Vulnerability - Arbitrary Code Execution,"A vulnerability exists in the Siemens SINEC Security Monitor prior to version 4.9.0, where the application fails to adequately validate user input processed by the 'ssmctl-client' command. This shortcoming may enable an authenticated, low-privilege remote attacker to execute arbitrary code with elevated privileges, potentially compromising the integrity and security of the underlying operating system. Proper measures should be taken to mitigate this risk by updating to the latest version or applying recommended security practices.",Siemens,Siemens Sinec Security Monitor,9.9,CRITICAL,0.0004900000058114529,false,,false,false,false,,false,false,2024-10-08T08:40:50.371Z,0