CVE-2025-40736Missing Authentication for Critical Function in Siemens Sinec NMS

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.2%
top 55.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedJul 8

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5siemens/sinec_nms< V4.0

🔴Vulnerability Details

2
CVEList
CVE-2025-40736: A vulnerability has been identified in SINEC NMS (All versions < V42025-07-08
GHSA
GHSA-5w39-m9v9-2j2j: A vulnerability has been identified in SINEC NMS (All versions < V42025-07-08
CVE-2025-40736 — Siemens Sinec NMS vulnerability | cvebase