Siemens

Sinec Nms

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-40755

  • EPSS 0.04%
  • Veröffentlicht 14.10.2025 09:15:13
  • Zuletzt bearbeitet 21.10.2025 14:40:48

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achi...

7.8

CVE-2025-30033

  • EPSS 0.02%
  • Veröffentlicht 12.08.2025 11:16:56
  • Zuletzt bearbeitet 12.08.2025 14:25:33

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

8.8

CVE-2025-40738

  • EPSS 0.21%
  • Veröffentlicht 08.07.2025 10:34:56
  • Zuletzt bearbeitet 21.08.2025 15:10:50

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

8.8

CVE-2025-40737

  • EPSS 0.21%
  • Veröffentlicht 08.07.2025 10:34:55
  • Zuletzt bearbeitet 21.08.2025 15:10:38

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations a...

9.8

CVE-2025-40736

  • EPSS 0.17%
  • Veröffentlicht 08.07.2025 10:34:53
  • Zuletzt bearbeitet 21.08.2025 15:10:33

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the sup...

8.8

CVE-2025-40735

  • EPSS 0.1%
  • Veröffentlicht 08.07.2025 10:34:52
  • Zuletzt bearbeitet 21.08.2025 15:10:29

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

8.7

CVE-2025-30176

  • EPSS 0.1%
  • Veröffentlicht 13.05.2025 09:38:39
  • Zuletzt bearbeitet 03.10.2025 19:52:59

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All version...

8.7

CVE-2025-30175

  • EPSS 0.1%
  • Veröffentlicht 13.05.2025 09:38:38
  • Zuletzt bearbeitet 03.10.2025 19:52:42

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All version...

8.7

CVE-2025-30174

  • EPSS 0.1%
  • Veröffentlicht 13.05.2025 09:38:37
  • Zuletzt bearbeitet 03.10.2025 19:52:23

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All version...

9.8

CVE-2024-49775

  • EPSS 2.43%
  • Veröffentlicht 16.12.2024 15:15:07
  • Zuletzt bearbeitet 13.01.2026 10:15:56

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (...