OTPulse

OS Command Injection Vulnerability in SINEC NMS

Plan Patch | CVSS 7.2 | SSA-756744 | Aug 10, 2021
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

OS command injection vulnerability in SINEC NMS allows an authenticated remote attacker with high-level credentials to execute arbitrary code on the system with system privileges. The vulnerability results from insufficient input sanitization in command processing functions. Siemens has released a patch in V1.0 SP2.

What this means
What could happen
An authenticated attacker with high-level credentials could run arbitrary commands on the SINEC NMS server with full system privileges, allowing them to modify network monitoring configurations, disable alerts, or disrupt network visibility across your SCADA/ICS infrastructure.
Who's at risk
Water and electric utilities running SINEC NMS for SCADA/ICS network monitoring and management. This affects operations managers and IT staff who rely on the NMS for visibility into programmable logic controllers (PLCs), remote terminal units (RTUs), and other networked control devices.
How it could be exploited
An attacker with valid engineering or administrative credentials connects to the SINEC NMS server over the network and provides specially crafted input to a command processing function. The application fails to sanitize this input and executes it as an OS command, giving the attacker the same privileges as the NMS service.
Prerequisites
  • Valid administrative or engineering credentials for SINEC NMS
  • Network access to SINEC NMS (typically port 8080 or management interface)
  • Running version of SINEC NMS prior to V1.0 SP2
remotely exploitable · requires valid credentials (high privilege) · low complexity attack · affects network visibility and control systems · affects system with administrative privileges
Exploitability
Moderate exploit probability (EPSS 5.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEC NMS | < V1.0 SP2 | 1.0 SP2
Remediation & Mitigation
Do now
HARDENING: Restrict network access to SINEC NMS management interface to authorized engineering workstations and administrative networks using firewall rules
HARDENING: Enforce strong, unique credentials for all administrative and engineering accounts on SINEC NMS
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINEC NMS to version 1.0 SP2 or later
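
To find which installations still need the update, an asset inventory can be triaged against the affected range in this advisory (SINEC NMS earlier than V1.0 SP2). The script below is an added example, not Siemens or OTPulse code; the version-string format (including the optional "Update <n>" suffix), the host names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fix version from this advisory: SINEC NMS V1.0 SP2.
FIXED = (1, 0, 2, 0)

# Assumed version-string shape: "V<major>.<minor> [SP<n>] [Update <n>]".
# The "Update <n>" suffix is an assumption; the advisory only shows "V1.0 SP2".
_VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)(?:\s+SP\s*(\d+))?(?:\s+Update\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (major, minor, sp, update), or None if the string is unrecognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(inventory):
    """Classify each (host, version) pair as 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version in inventory:
        parsed = parse_version(version)
        if parsed is None:
            result[host] = "unknown"   # never assume fixed; check by hand
        elif parsed < FIXED:
            result[host] = "affected"
        else:
            result[host] = "fixed"
    return result

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("nms-plant-a", "V1.0 SP1"),
    ("nms-plant-b", "v1.0 sp2"),
    ("nms-lab", "V1.0"),
    ("nms-dr", "1.0 SP2 Update 1"),
    ("nms-old", "unknown build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Entries reported as "unknown" are deliberately not treated as fixed, so a mistyped or missing version in the inventory still gets a manual check.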