📦 Sinec Nms
by Siemens
🔍 What is Sinec Nms?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This critical vulnerability in SINEC NMS allows unauthenticated attackers to reset the superadmin password through an exposed endpoint, granting them full administrative control of the application. Al...
This vulnerability in SINEC NMS allows authenticated attackers to execute arbitrary operating system commands with elevated privileges by exploiting improper input validation in a privileged command q...
CVE-2021-33724 is an arbitrary file deletion vulnerability in Siemens SINEC NMS that allows attackers to delete files or directories at user-controlled paths. This affects all SINEC NMS versions befor...
CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution or denial of service. The vulnerability affects Ap...
A vulnerability in SINEC NMS allows low-privileged users to modify configuration files, enabling DLL hijacking attacks. This could lead to arbitrary code execution with administrative privileges. All ...
A low-privileged user can modify configuration files in SINEC NMS User Management Component, allowing malicious DLL loading. This leads to arbitrary code execution with SYSTEM privileges. All SINEC NM...
This SQL injection vulnerability in SINEC NMS allows authenticated low-privileged attackers to insert malicious data and escalate privileges. It affects all SINEC NMS versions before V4.0 SP1. Attacke...
A path traversal vulnerability in SINEC NMS allows attackers to write arbitrary files to restricted locations by uploading malicious ZIP archives. This could lead to remote code execution with elevate...
An unauthenticated SQL injection vulnerability in Siemens SINEC NMS allows remote attackers to execute arbitrary SQL queries on the server database. This affects all versions before V4.0 of the networ...
An out-of-bounds read buffer overflow vulnerability in Siemens' User Management Component (UMC) affects multiple industrial automation products. This allows unauthenticated remote attackers to cause d...
An out-of-bounds read buffer overflow vulnerability in Siemens industrial automation products allows unauthenticated remote attackers to cause denial of service. Affected systems include SIMATIC PCS n...
This vulnerability in Siemens SINEC NMS allows authenticated attackers to bypass authorization checks and elevate their privileges within the application. All versions before V3.0 are affected, potent...
A local privilege escalation vulnerability in Siemens SINEC NMS allows attackers to execute operating system commands with SYSTEM privileges. This affects all SINEC NMS versions before V3.0. Attackers...
SINEC NMS versions before V2.0 SP1 contain a vulnerability allowing arbitrary file upload via TFTP. Attackers can upload malicious firmware images or other files, potentially leading to remote code ex...
CVE-2022-30527 is an improper access control vulnerability in Siemens SINEC NMS where specific folders containing executables and libraries have overly permissive permissions. This allows authenticate...
CVE-2021-33728 is a Java deserialization vulnerability in Siemens SINEC NMS that allows authenticated attackers to execute arbitrary code with root privileges by uploading malicious JSON objects. This...
This vulnerability allows a privileged authenticated attacker to execute arbitrary commands in the local database of SINEC NMS by sending crafted requests to its webserver, potentially leading to remo...
CVE-2021-33732 is a SQL injection vulnerability in Siemens SINEC NMS that allows authenticated privileged attackers to execute arbitrary commands on the local database. This could lead to complete sys...
This vulnerability allows authenticated attackers with administrative privileges to execute arbitrary SQL commands on the SINEC Network Management System database. Attackers can achieve remote code ex...
CVE-2021-33736 is a SQL injection vulnerability in Siemens SINEC NMS that allows authenticated attackers with administrative privileges to execute arbitrary commands on the local database. This affect...
CVE-2021-33726 is a path traversal vulnerability in Siemens SINEC NMS that allows authenticated attackers to download arbitrary files from the server by manipulating file paths. This affects all SINEC...