Sinec nms
This hub aggregates every CVE we track for Sinec nms, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
36
CVEs tracked
6
Critical
24
High
1
In CISA KEV
Severity distribution
HIGH24MEDIUM6CRITICAL6
Monthly trend
0
1
0
0
0
0
0
0
0
0
0
4
0
0
1
0
0
0
2
0
2
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Sinec nms.
- CVE-2026-25654A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow a...8.8
- CVE-2026-24032A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in ...7.3
- CVE-2026-25656A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a c...7.8
- CVE-2026-25655A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allo...7.8
- CVE-2025-40755A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low priv...8.8
- CVE-2025-40738A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attack...8.8
- CVE-2025-40737A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attack...8.8
- CVE-2025-40736A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This cou...9.8
- CVE-2025-40735A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrar...8.8
- CVE-2024-33698A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 ...9.8
- CVE-2021-42550RCE from attacker with configuration edit priviledges through JNDI lookup6.6
- CVE-2021-33736A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted re...7.2
- CVE-2021-33735A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted re...7.2
- CVE-2021-33734A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted re...7.2
- CVE-2021-33733A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted re...7.2
Product normalization is registry-driven with AI assist and human review. How it works