VYPR

Sinec Nms

by Siemens Foundation

CVEs (54)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-25656HigFeb 10, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load…

  • CVE-2019-6575HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…

  • CVE-2026-24032HigApr 14, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass…

  • CVE-2023-46280MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17…

  • CVE-2026-25655Feb 10, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code…

  • CVE-2025-40755Oct 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation.…

  • CVE-2025-40738Jul 8, 2025
    risk 0.00cvss epss 0.07

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code…

  • CVE-2025-40737Jul 8, 2025
    risk 0.00cvss epss 0.07

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code…

  • CVE-2025-40736Jul 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain…

  • CVE-2025-40735Jul 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

  • CVE-2025-30176May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30175May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30174May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2024-47808Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated…

  • CVE-2024-41941Aug 13, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.

  • CVE-2024-41940Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.

  • CVE-2024-41939Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.

  • CVE-2024-41938Aug 13, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the…

  • CVE-2024-36398Aug 13, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.

Page 1 of 3