Siemens Sinec Nms vulnerabilities

CVE-2026-25654 [HIGH] CWE-639 CVE-2026-25654: A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

CVE-2026-24032 [MEDIUM] CWE-347 CVE-2026-24032: A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected ap A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-

CVE-2026-25655 [HIGH] CWE-427 CVE-2026-25655: A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)

CVE-2026-25656 [HIGH] CWE-427 CVE-2026-25656: A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (Al A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges

CVE-2025-40755 [HIGH] CWE-89 CVE-2025-40755: A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications ar A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)

CVE-2025-30033 [HIGH] CWE-427 CVE-2025-30033: The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CVE-2025-40736 [CRITICAL] CWE-306 CVE-2025-40736: A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exp A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVE-2025-40738 [HIGH] CWE-22 CVE-2025-40738: A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application doe A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

CVE-2025-40737 [HIGH] CWE-22 CVE-2025-40737: A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application doe A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

CVE-2025-40735 [HIGH] CWE-89 CVE-2025-40735: A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vul A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVE-2025-30175 [HIGH] CWE-787 CVE-2025-30175: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation

CVE-2025-30176 [HIGH] CWE-125 CVE-2025-30176: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation

CVE-2025-30174 [HIGH] CWE-125 CVE-2025-30174: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation

CVE-2024-49775 [CRITICAL] CWE-122 CVE-2024-49775: A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Op A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versi

CVE-2024-47808 [HIGH] CWE-732 CVE-2024-47808: A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesys

CVE-2024-33698 [CRITICAL] CWE-122 CVE-2024-33698: A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All v A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totall

CVE-2024-41940 [CRITICAL] CWE-20 CVE-2024-41940: A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application doe A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.

CVE-2024-36398 [HIGH] CWE-250 CVE-2024-36398: A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application exe A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.

CVE-2024-41939 [HIGH] CWE-863 CVE-2024-41939: A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application doe A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.

CVE-2024-41938 [MEDIUM] CWE-22 CVE-2024-41938: A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate functi A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.