{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-23811","assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","state":"PUBLISHED","assignerShortName":"siemens","dateReserved":"2024-01-22T17:44:56.762Z","datePublished":"2024-02-13T09:00:23.301Z","dateUpdated":"2024-08-27T14:27:23.272Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2024-03-12T10:22:00.924Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution."}],"affected":[{"vendor":"Siemens","product":"SINEC NMS","versions":[{"status":"affected","version":"0","lessThan":"V2.0 SP1","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","baseScore":8.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-434","description":"CWE-434: Unrestricted Upload of File with Dangerous Type","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-943925.html"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T23:13:08.178Z"},"title":"CVE Program Container","references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-943925.html","tags":["x_transferred"]}]},{"affected":[{"vendor":"siemens","product":"sinec_nms","cpes":["cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"V2.0 SP1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-01T15:47:50.906681Z","id":"CVE-2024-23811","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-27T14:27:23.272Z"}}]}}