CVE-2025-40831
Published: 2025-12-09
Priority: P334 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.33% (24.4th percentile)
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinec_security_monitor | < V4.10.0 | V4.10.0 |
| siemens | sinec_security_monitor | < 4.10.0 | 4.10.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-6r9x-v332-23qp: A vulnerability has been identified in SINEC Security Monitor (All versions < V4
ghsa_unreviewed·2025-12-09
CVE-2025-40831 [HIGH] CWE-20 GHSA-6r9x-v332-23qp: A vulnerability has been identified in SINEC Security Monitor (All versions < V4
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality.
CISA ICS
Siemens SINEC Security Monitor
cisa_ics·2026-01-14·CVSS 6.7
[MEDIUM] Siemens SINEC Security Monitor
ICS Advisory
## Siemens SINEC Security Monitor
Release Date: January 14, 2026
Alert Code: ICSA-26-015-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
SINEC Security Monitor before V4.10.0 contains multiple vulnerabilities. Siemens has released a new version of SINEC Security Monitor and recommends updating to the latest version.
The following versions of Siemens SINEC Security Monitor are affected:
- SINEC Security Monitor (CVE-2025-40830, CVE-2025-40831)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.7 | Siemens | Siemens SINEC Security Monitor | Improper Authorization, Improper Input Validation |
## Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed:
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-12-09