Siemens SINEC NMS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the JSON objects. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Siemens SINEC NMS is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the webserver, which could allow the attacker to view, add, modify or delete information in the back-end database.
Siemens SINEC NMS
Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.