Primary

Context

Siemens SINEC NMS Authentication Bypass Vulnerability

Vulnerability

Patched

An authentication bypass vulnerability has been identified in Siemens SINEC NMS, all versions prior to 4.0 SP3 when used with the User Management Component (UMC). This vulnerability arises from inadequate validation of user identity in the UMC component, potentially allowing an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the application by bypassing authentication mechanisms.

Remediation

Users are advised to update to SINEC NMS version 4.0 SP3 or later. Additional information can be found on the Siemens support website.

Added: Apr 14, 2026, 9:34 AM

Updated: Apr 14, 2026, 9:34 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

6.6

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

6.6

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SINEC NMS Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Siemens SINEC NMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating