BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·44d ago

Siemens SINEC NMS

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-09.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. /strong /p p The following versions of Siemens SINEC NMS are affected: /p ul li SINEC NMS /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Siemens /td td Siemens SINEC NMS /td td Authorization Bypass Through User-Controlled Key /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-25654 /a /h3 div class="csaf-accordion-content" p Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-25654" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens SINEC NMS /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br SINEC NMS /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Limit network access to trusted users and systems only /p p strong Vendor fix /strong br Update to V4.0 SP3 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000760/" https://support.industry.siemens.com/cs/ww/en/view/110000760/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/639.html" CWE-639 Authorization Bypass Through User-Controlled Key /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr /

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-09

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin