Skip to main content

Sinec Nms

41 CVEs product

Monthly

CVE-2026-25654 HIGH CISA This Week

SINEC NMS versions prior to V4.0 SP3 allow authenticated remote attackers to reset any user account password due to improper authorization validation (CWE-639). An attacker with low-privilege credentials can escalate to administrative access by resetting privileged user passwords, enabling complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 8.8). No public exploit code identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) increase exploitation feasibility for authenticated attackers.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-25656 HIGH This Week

Arbitrary code execution with SYSTEM privileges in SINEC NMS User Management Component (all versions prior to V2.15.2.1) stems from improper access controls allowing low-privileged users to modify configuration files and load malicious DLLs. An authenticated attacker can exploit this to achieve complete system compromise. No patch is currently available.

RCE Sinec Nms User Management Component
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-25655 HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40738 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

Path Traversal Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-40737 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

Path Traversal Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-40736 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

Authentication Bypass Sinec Nms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-40735 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

SQLi Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-30176 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30175 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Simatic Pcs Neo Sinec Nms +3
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-30174 HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Sinec Nms Sinema Remote Connect +2
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-47808 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Sinec Nms
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-41941 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-41940 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Nms
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-41939 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-41938 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sinec Nms
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-36398 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sinec Nms
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-23812 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-23811 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23810 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sinec Nms
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-44315 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V2.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sinec Nms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-42550 Maven MEDIUM POC PATCH This Month

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Logback Satellite Cloud Manager +3
NVD GitHub
CVSS 3.1
6.6
EPSS
4.4%
CVE-2021-33736 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33735 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-33734 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33733 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
15.4%
CVE-2021-33732 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33731 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
46.6%
CVE-2021-33730 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
27.7%
CVE-2021-33729 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-33728 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-33727 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinec Nms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33726 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33725 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-33724 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-33723 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinec Nms
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-33722 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-39275 CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Http Server Fedora +8
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2019-6575 HIGH This Week

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp443 1 Opc Ua Firmware Simatic Et 200 Open Controller Cpu 1515Sp Pc2 Firmware Simatic Ipc Diagmonitor Firmware Simatic Net Pc Software Firmware +23
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 8.7
HIGH This Week

SINEC NMS versions prior to V4.0 SP3 allow authenticated remote attackers to reset any user account password due to improper authorization validation (CWE-639). An attacker with low-privilege credentials can escalate to administrative access by resetting privileged user passwords, enabling complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 8.8). No public exploit code identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) increase exploitation feasibility for authenticated attackers.

Authentication Bypass Sinec Nms
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Arbitrary code execution with SYSTEM privileges in SINEC NMS User Management Component (all versions prior to V2.15.2.1) stems from improper access controls allowing low-privileged users to modify configuration files and load malicious DLLs. An authenticated attacker can exploit this to achieve complete system compromise. No patch is currently available.

RCE Sinec Nms User Management Component
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

Path Traversal Sinec Nms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

Path Traversal Sinec Nms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

Authentication Bypass Sinec Nms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

SQLi Sinec Nms
NVD
EPSS 0% CVSS 8.7
HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service +5
NVD
EPSS 0% CVSS 8.7
HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +5
NVD
EPSS 0% CVSS 8.7
HIGH This Month

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service +4
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Sinec Nms
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Nms
NVD
EPSS 1% CVSS 8.7
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sinec Nms
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sinec Nms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sinec Nms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Sinec Nms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sinec Nms
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V2.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sinec Nms
NVD
EPSS 4% CVSS 6.6
MEDIUM POC PATCH This Month

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Logback +5
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 28% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 15% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 28% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 47% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 28% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sinec Nms
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinec Nms
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinec Nms
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 36% CVSS 9.8
CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +10
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp443 1 Opc Ua Firmware Simatic Et 200 Open Controller Cpu 1515Sp Pc2 Firmware +25
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy