Siemens SINEC NMS Authorization Bypass Vulnerability Allowing Password Reset on All Versions Prior to V4.0 SP3

Vulnerability

An authorization bypass vulnerability has been identified in Siemens SINEC NMS, affecting all versions prior to V4.0 SP3. The vulnerability arises because affected products do not properly validate user authorization when handling password reset requests. This flaw could enable an authenticated remote attacker to bypass authorization checks and reset the password of any user account.

Impact

Exploitation of this vulnerability could lead to unauthorized password resets, allowing attackers to gain access to user accounts.

Remediation

Users are advised to update SINEC NMS to version V4.0 SP3 or later. For more information, visit the Siemens Industry Support page.

Added: Apr 14, 2026, 9:30 AM
Updated: Apr 14, 2026, 9:30 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 6.3
remediation: 7.9
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.