Siemens Sinec_nms
42 CVEs affecting Siemens Sinec_nms. Latest disclosed: 2026-02-10. Critical: 6, High: 28.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-40736 | Critical | 9.8 | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification o… |
CVE-2021-39275 | Critical | 9.8 | 2021-09-16 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party… |
CVE-2024-41940 | Critical | 9.1 | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command… |
CVE-2021-33725 | Critical | 9.1 | 2021-10-12 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under… |
CVE-2021-33724 | Critical | 9.1 | 2021-10-12 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that… |
CVE-2021-40438 | Critical | 9.0 | 2021-09-16 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4… |
CVE-2025-40755 | High | 8.8 | 2025-10-14 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCoun… |
CVE-2025-40738 | High | 8.8 | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded… |
CVE-2025-40737 | High | 8.8 | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded… |
CVE-2025-40735 | High | 8.8 | 2025-07-08 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticat… |
CVE-2024-41939 | High | 8.8 | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could all… |
CVE-2024-23811 | High | 8.8 | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This coul… |
CVE-2024-23810 | High | 8.8 | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauth… |
CVE-2021-33729 | High | 8.8 | 2021-10-12 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an… |
CVE-2024-47808 | High | 8.4 | 2024-11-12 | A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restr… |
CVE-2024-23812 | High | 8.0 | 2024-02-13 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a r… |
CVE-2026-25656 | High | 7.8 | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected applicatio… |
CVE-2026-25655 | High | 7.8 | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a… |
CVE-2024-36398 | High | 7.8 | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. Th… |
CVE-2022-30527 | High | 7.8 | 2023-10-10 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing… |