CVE-2024-31978

{"id": "CVE-2024-31978", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2024-04-09T09:15:26.387", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC NMS (todas las versiones &lt; V2.0 SP2). Los dispositivos afectados permiten a los usuarios autenticados exportar datos de monitoreo. El endpoint de la API correspondiente es susceptible a path traversal y podr\u00eda permitir que un atacante autenticado descargue archivos del sistema de archivos. En determinadas circunstancias, los archivos descargados se eliminan del sistema de archivos."}], "lastModified": "2024-11-21T09:14:16.043", "sourceIdentifier": "productcert@siemens.com"}