EUVD-2026-22236

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...

CVE-2026-25654

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

PT-2026-7259

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 2.15.2.1 User Management Component UMC versions prior to 2.15.2.1 Description The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2025-16630)

Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A SQL injection vulnerability exists in Siemens SINEC NMS, which can ...

CVE-2025-40736

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...

The vulnerability of the Siemens User Management Component (UMC) in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows a attacker to trigger a service failure.

The vulnerability of the Siemens User Management Component UMC, which is found in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal TIA Portal, relates to reading data outside the buffer boundaries in memory. Exploiting this vulnerability could allow a maliciou...

CVE-2021-37201

A vulnerability has been identified in SINEC NMS All versions V1.0 SP1. The web interface of affected devices is vulnerable to a Cross-Site Request Forgery CSRF attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative...

CVE-2025-30174

A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions, SIMATIC PCS neo V5.0 All versions, SINEC NMS All versions V4.0, SINEMA Remote Connect All versions, Totally Integrated Automation Portal TIA Portal V17 All versions, Totally Integrated Automation Portal TIA Portal V18 All...

Siemens多款产品 缓冲区错误漏洞

Siemens SINEMA Remote Connect and others are products of Siemens, Germany.Siemens SINEMA Remote Connect is a set of remote management platforms.Siemens SINEC NMS is a network management system NMS.Siemens SIMATIC PCS is a process control system. A buffer error vulnerability exists in several...

Siemens多款产品 缓冲区错误漏洞

Siemens SINEMA Remote Connect and others are products of Siemens, Germany.Siemens SINEMA Remote Connect is a set of remote management platforms.Siemens SINEC NMS is a network management system NMS.Siemens SIMATIC PCS is a process control system. A buffer error vulnerability exists in several...

The vulnerability of the Siemens User Management Component (UMC) in products such as SIMATIC Information Server, SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows a perpetrator to execute arbitrary code.

The vulnerability of the Siemens User Management Component UMC in products such as SIMATIC Information Server, SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal TIA Portal is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attack...

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

CVE-2023-46282

A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...

CVE-2021-33732

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33734

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

Siemens SINEC NMS 路径遍历漏洞

SINEC NMS is Siemens' network management system for monitoring and managing industrial networks. A path traversal vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows arbitrary files to be downloaded under...