Siemens

Sinec-nms

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2026-25656

  • EPSS 0.01%
  • Veröffentlicht 10.02.2026 09:58:55
  • Zuletzt bearbeitet 12.02.2026 15:25:45

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an...

7.8

CVE-2026-25655

  • EPSS 0.01%
  • Veröffentlicht 10.02.2026 09:58:54
  • Zuletzt bearbeitet 12.02.2026 15:27:28

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially lea...

8.8

CVE-2025-40755

  • EPSS 0.03%
  • Veröffentlicht 14.10.2025 09:15:13
  • Zuletzt bearbeitet 21.10.2025 14:40:48

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achi...

7.8

CVE-2025-30033

  • EPSS 0.01%
  • Veröffentlicht 12.08.2025 11:16:56
  • Zuletzt bearbeitet 12.08.2025 14:25:33

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

8.8

CVE-2025-40738

  • EPSS 0.28%
  • Veröffentlicht 08.07.2025 10:34:56
  • Zuletzt bearbeitet 21.08.2025 15:10:50

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

8.8

CVE-2025-40737

  • EPSS 0.28%
  • Veröffentlicht 08.07.2025 10:34:55
  • Zuletzt bearbeitet 21.08.2025 15:10:38

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

9.8

CVE-2025-40736

  • EPSS 0.18%
  • Veröffentlicht 08.07.2025 10:34:53
  • Zuletzt bearbeitet 21.08.2025 15:10:33

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the sup...

8.8

CVE-2025-40735

  • EPSS 0.11%
  • Veröffentlicht 08.07.2025 10:34:52
  • Zuletzt bearbeitet 21.08.2025 15:10:29

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

8.7

CVE-2025-30176

  • EPSS 0.25%
  • Veröffentlicht 13.05.2025 09:38:39
  • Zuletzt bearbeitet 03.10.2025 19:52:59

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All version...

8.7

CVE-2025-30175

  • EPSS 0.25%
  • Veröffentlicht 13.05.2025 09:38:38
  • Zuletzt bearbeitet 03.10.2025 19:52:42

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All version...