Low · Advisory · CISA — cybersecurity advisories · 21 Apr 2026

Siemens SINEC NMS

Severity: Low · Kind: Advisory

From the source

Summary

SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends updating to the latest version.

The following versions of Siemens SINEC NMS are affected: SINEC NMS

CVSS v3: 8.8
Vendor: Siemens
Equipment: Siemens SINEC NMS
Vulnerabilities: Authorization Bypass Through User-Controlled Key

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-25654

Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

Affected Products

Siemens SINEC NMS
Vendor: Siemens
Product Version: SINEC NMS
Product Status: known_affected

Remediations

Mitigation: Limit network access to trusted users and systems only
Vendor fix: Update to V4.0 SP3 or later version
https://support.industry.siemens.com/cs/ww/en/view/110000760/

Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key

Metrics

CVSS Version: 3.1
Base Score: 8.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

Siemens ProductCERT
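The advisory classifies CVE-2026-25654 as CWE-639 in password reset handling. The following is an added illustration of that weakness class, written for this page in generic Python and not taken from SINEC NMS; the session model, the `user-admin` role name and the account names are assumptions. The first handler trusts the account identifier supplied in the request, while the second decides authorization from the server-side session and records every attempt for review:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Server-side session created at login (hypothetical model)."""
    user_id: str
    roles: frozenset


# Constructed sample accounts; names and values are hypothetical.
USERS = {"alice": "old-a", "bob": "old-b", "admin": "old-adm"}


def reset_password_vulnerable(session, request, users):
    """CWE-639 pattern: the target account comes from the request and is
    never compared with the authenticated identity."""
    target = request["user_id"]  # user-controlled key
    if target not in users:
        return False
    users[target] = request["new_password"]
    return True


def reset_password_checked(session, request, users, audit):
    """Same operation, with the authorization decision made server-side."""
    target = request.get("user_id", session.user_id)
    allowed = target == session.user_id or "user-admin" in session.roles
    # Log every attempt; denied cross-account resets are worth alerting on.
    audit.append({"actor": session.user_id, "target": target, "allowed": allowed})
    if not allowed or target not in users:
        return False
    users[target] = request["new_password"]
    return True


def demo():
    """Replay one cross-account request against both handlers."""
    bob = Session("bob", frozenset({"operator"}))
    req = {"user_id": "admin", "new_password": "chosen-by-bob"}
    weak, strong, audit = dict(USERS), dict(USERS), []
    r1 = reset_password_vulnerable(bob, req, weak)
    r2 = reset_password_checked(bob, req, strong, audit)
    own = reset_password_checked(bob, {"new_password": "n3w"}, strong, audit)
    return r1, weak["admin"], r2, strong["admin"], own, strong["bob"], audit


if __name__ == "__main__":
    print(demo())
```

The audit entries with `allowed` set to false and differing `actor` and `target` are the events to alert on while systems await the vendor fix.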
