Primary

Context

Siemens SINEC NMS Missing Authentication Vulnerability Allowing Unauthorized Password Resets

Vulnerability

Patched

A vulnerability exists in Siemens SINEC NMS versions prior to 4.0, allowing unauthorized modification of administrative credentials. This issue enables an unauthenticated attacker to reset the superadmin password, potentially gaining full control of the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access and control over the SINEC NMS application, allowing an attacker to perform administrative functions.

Remediation

Users are advised to update to SINEC NMS version 4.0 or later. For more information, visit the Siemens Industry Support page.

Added: Jul 8, 2025, 11:38 AM

Updated: Jul 8, 2025, 11:38 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.0

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.0

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SINEC NMS Missing Authentication Vulnerability Allowing Unauthorized Password Resets

Vulnerability

Impact

Remediation

Affected Products

Siemens SINEC NMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating