CVE Vulnerability Details: CVE-2020-25237
PUBLISHED
Assigner: siemens
Assigner Org ID: cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At: 09 Feb, 2021 | 15:38
Updated At: 04 Aug, 2024 | 15:33
Rejected At:

CVE Numbering Authority (CNA)

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054)

Affected Products

Vendor: Siemens AG
Product: SINEC NMS
Affected versions:
  • All versions < V1.0 SP1 Update 1

Vendor: Siemens AG
Product: SINEMA Server
Affected versions:
  • All versions < V14.0 SP2 Update 2

Problem Types
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References
  • https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf (x_refsource_MISC)
  • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03 (x_refsource_MISC)
  • https://www.zerodayinitiative.com/advisories/ZDI-21-253/ (x_refsource_MISC)

Authorized Data Publishers (ADP)
CVE Program Container
References
  • https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf (x_refsource_MISC, x_transferred)
  • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03 (x_refsource_MISC, x_transferred)
  • https://www.zerodayinitiative.com/advisories/ZDI-21-253/ (x_refsource_MISC, x_transferred)