Home/Product/siemens sinec nms
Product

siemens sinec nms

43 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-25656
all versions
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.
7.8HIGH
 CVE-2026-25655
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification
7.8HIGH
 CVE-2025-40755
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection
8.8HIGH
 CVE-2025-40738
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file p
8.8HIGH
 CVE-2025-40737
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file p
8.8HIGH
 CVE-2025-40736
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows a
9.8CRITICAL
 CVE-2025-40735
< 4.0
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This
8.8HIGH
 CVE-2025-30176
< 4.0
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All ve
7.5HIGH
 CVE-2025-30175
< 4.0
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All ve
7.5HIGH
 CVE-2025-30174
< 4.0
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All ve
7.5HIGH
 CVE-2024-47808
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function,
8.4HIGH
 CVE-2024-41941
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authori
4.3MEDIUM
 CVE-2024-41940
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user i
9.1CRITICAL
 CVE-2024-41939
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authori
8.8HIGH
 CVE-2024-41938
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control we
5.5MEDIUM
 CVE-2024-36398
< 3.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services
7.8HIGH
 CVE-2024-23812
< 2.0
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes speci
8.0HIGH
 CVE-2024-23811
< 2.0
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitr
8.8HIGH
 CVE-2024-23810
< 2.0
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injectio
8.8HIGH
 CVE-2023-44487
< 3.0
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5HIGH
 CVE-2023-44315
< 2.0
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP
4.7MEDIUM
 CVE-2022-30527
< 2.0
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to
7.8HIGH
 CVE-2021-42550
< 1.0.3
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a m
6.6MEDIUM
 CVE-2021-33736
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33735
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33734
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33733
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33732
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33731
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33730
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could exe
7.2HIGH
 CVE-2021-33729
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to imp
8.8HIGH
 CVE-2021-33728
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON obj
7.2HIGH
 CVE-2021-33727
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the
6.5MEDIUM
 CVE-2021-33726
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitr
7.5HIGH
 CVE-2021-33725
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrar
9.1CRITICAL
 CVE-2021-33724
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary Fil
9.1CRITICAL
 CVE-2021-33723
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the us
6.5MEDIUM
 CVE-2021-33722
< 1.0
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vuln
4.9MEDIUM
 CVE-2021-40438
< 1.0.3
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a
9.0CRITICAL
 CVE-2021-39275
all versions
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to the
9.8CRITICAL
 CVE-2021-34798
all versions
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
7.5HIGH
 CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9MEDIUM
 CVE-2019-6575
< 1.0
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (in
7.5HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin