Siemens SINEC NMS Path Traversal Vulnerability Allowing Arbitrary File Write and Code Execution

Vulnerability

A path traversal vulnerability has been identified in Siemens SINEC NMS, affecting all versions prior to 4.0. The issue arises because the application fails to properly validate file paths when extracting uploaded ZIP files. This flaw could enable an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized file writes in restricted directories and allow for execution of arbitrary code with elevated privileges.

Remediation

Users are advised to update to SINEC NMS version 4.0 or later. For guidance on updating, please refer to the Siemens support page.

Added: Jul 8, 2025, 11:36 AM
Updated: Jul 8, 2025, 11:36 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.