CRITICAL🇵🇱 Wersja polska

CVE-2025-40736

CVSS 9.3v4.0pub. 2025-07-08upd. 2025-08-21

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Siemens Sinec Nms

    APP
    Siemens
    < 4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2024-41940CRITICAL9.4PL ✓ten sam produkt

Siemens SINEC NMS — wykonanie poleceń OS z podwyższonymi uprawnieniami

CVE-2021-33724CRITICAL9.1ten sam produkt

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system conta...

CVE-2021-33725CRITICAL9.1ten sam produkt

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allow...

CVE-2021-39275CRITICAL9.8ten sam produkt

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass u...