Siemens

Sinec-nms

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-25654

  • EPSS 0.06%
  • Veröffentlicht 14.04.2026 08:40:41
  • Zuletzt bearbeitet 17.04.2026 15:18:16

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorizati...

7.3

CVE-2026-24032

  • EPSS 0.04%
  • Veröffentlicht 14.04.2026 08:40:39
  • Zuletzt bearbeitet 17.04.2026 15:18:16

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticat...

8.5

CVE-2026-25656

  • EPSS 0.01%
  • Veröffentlicht 10.02.2026 09:58:55
  • Zuletzt bearbeitet 14.04.2026 09:16:35

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This cou...

7.8

CVE-2026-25655

  • EPSS 0.01%
  • Veröffentlicht 10.02.2026 09:58:54
  • Zuletzt bearbeitet 12.02.2026 15:27:28

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially lea...

8.8

CVE-2025-40755

  • EPSS 0.04%
  • Veröffentlicht 14.10.2025 09:15:13
  • Zuletzt bearbeitet 21.10.2025 14:40:48

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achi...

8.5

CVE-2025-30033

  • EPSS 0.01%
  • Veröffentlicht 12.08.2025 11:16:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

8.8

CVE-2025-40738

  • EPSS 1.72%
  • Veröffentlicht 08.07.2025 10:34:56
  • Zuletzt bearbeitet 21.08.2025 15:10:50

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

8.8

CVE-2025-40737

  • EPSS 1.72%
  • Veröffentlicht 08.07.2025 10:34:55
  • Zuletzt bearbeitet 21.08.2025 15:10:38

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

9.8

CVE-2025-40736

  • EPSS 0.48%
  • Veröffentlicht 08.07.2025 10:34:53
  • Zuletzt bearbeitet 21.08.2025 15:10:33

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the sup...

8.8

CVE-2025-40735

  • EPSS 0.26%
  • Veröffentlicht 08.07.2025 10:34:52
  • Zuletzt bearbeitet 21.08.2025 15:10:29

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.