VYPR

SINEC Security Monitor

by Siemens Foundation

CVEs (7)

  • CVE-2024-47553 | Critical | Oct 8, 2024
    risk 0.64 | cvss 9.9 | epss 0.01

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary…

  • CVE-2024-47562 | High | Oct 8, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to…

  • CVE-2024-47563 | Medium | Oct 8, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create…

  • CVE-2024-47565 | Medium | Oct 8, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of…

  • CVE-2026-27661 | Mar 10, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.

  • CVE-2025-40831 | Dec 9, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service…

  • CVE-2025-40830 | Dec 9, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker…