Permissions, Privileges, and Access Controls in SINEMA Server - CVE-2016-6486

 


Published: August 8, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40141
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6486
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software: SINEMA Server

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.


How to mitigate CVE-2016-6486

Install the update from the vendor's website.
