{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T12:22:47.777","vulnerabilities":[{"cve":{"id":"CVE-2021-33728","sourceIdentifier":"productcert@siemens.com","published":"2021-10-12T10:15:12.010","lastModified":"2024-11-21T06:09:27.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Actualización 1). El sistema afectado permite cargar objetos JSON que son deserializados a objetos JAVA. Debido a una deserialización no segura del contenido suministrado por el usuario por el software afectado, un atacante privilegiado podría explotar esta vulnerabilidad mediante el envío de un objeto Java serializado diseñado. Una explotación podría permitir al atacante ejecutar código arbitrario en el dispositivo con privilegios root"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0","matchCriteriaId":"2B59D696-F272-40DA-8DC6-423D9E5026C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*","matchCriteriaId":"4ED13FC8-63C0-42C6-A51C-C480C45327C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*","matchCriteriaId":"E68FE047-8F53-46B8-82D4-9342B1C8CA55"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_nms:1.0:sp2:*:*:*:*:*:*","matchCriteriaId":"5F2C66EC-5A29-4B92-AEDB-7DB8A5CA7391"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf","source":"productcert@siemens.com","tags":["Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}