Siemens SINEC NMS SQL Injection Vulnerability Allowing Privilege Escalation

Vulnerability

A SQL injection vulnerability has been identified in Siemens SINEC NMS, affecting all versions prior to V4.0 SP1. The vulnerability exists in the getTotalAndFilterCounts endpoint, where an authenticated low-privileged attacker could exploit it to insert malicious data and escalate privileges.

Impact

Successful exploitation of this SQL injection allows an authenticated low-privileged attacker to insert data and escalate privileges within the application.

Remediation

Users are advised to update SINEC NMS to version V4.0 SP1 or later. For more information, visit the Siemens support page.

Added: Oct 14, 2025, 10:22 AM
Updated: Oct 14, 2025, 10:22 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.