Siemens SINEC Security Monitor Improper Authorization Vulnerability in File Transfer Feature

Vulnerability

A vulnerability exists in Siemens SINEC Security Monitor versions prior to 4.10.0. The issue arises from inadequate authorization checks in the file transfer feature of the ssmctl-client command. This flaw could enable an authenticated, low-privileged local attacker to read from or write to any file on the server or sensor.

Impact

Exploitation of this vulnerability could lead to unauthorized file access or modification on the server or sensor.

Remediation

Users are advised to update SINEC Security Monitor to version 4.10.0 or later. Additional guidance can be found on the Siemens support website.

Added: Dec 9, 2025, 8:07 PM
Updated: Dec 9, 2025, 8:07 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.