841 matches found
Siemens SINEC NMS Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd authentication handler. The issue results from incorrect implementation of an...
CVE-2026-25654
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
EUVD-2026-22236
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-25654
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-25654
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-25654
The CVE describes a vulnerability in SINEC NMS affecting all versions prior to 4.0 SP3, where password-reset requests do not properly validate user authorization. This could allow an authenticated remote attacker to bypass authorization and reset the password of any arbitrary user account. In the...
CVE-2026-25654
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-24032
CVE-2026-24032 affects SINEC NMS prior to version 4.0 SP3 with UMC. The issue is an authentication weakness caused by insufficient validation of user identity in the UMC component, enabling an unauthenticated remote attacker to bypass authentication and gain unauthorized access. Documents do not ...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
EUVD-2026-22233
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
PT-2026-32608
Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to V4.0 SP3 Description An issue exists where user authorization is not properly validated during the processing of password reset requests. This allows an authenticated remote attacker to bypass authorization checks a...
Siemens SINEC NMS 数据伪造问题漏洞
Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...
Siemens SINEC NMS 安全漏洞
Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...
PT-2026-32607
Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP3 with UMC Description An authentication weakness exists in the UMC component due to insufficient validation of user identity. This flaw allows an unauthenticated remote attacker to bypass authentication and...
Siemens SINEC NMS
SUMMARY SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...
CVE-2026-27661
A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on SSM Server...