- Description
- A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).
- Source
- productcert@siemens.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- productcert@siemens.com
- CWE-306
- Hype score
- Not currently trending
⚠️Updates for Siemens products ❗CVE-2025-40736 ❗CVE-2025-40735 ❗CVE-2025-41224 ➡️More info: https://t.co/wkTouwp91C https://t.co/MAcoMEfPb7
@CERTpy
16 Jul 2025
158 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-40736: CRITICAL] Critical security vulnerability in SINEC NMS < V4.0 allows unauthorized access to administrative credentials. Attackers could reset superadmin password, gaining full control(ZDI-CA...#cve,CVE-2025-40736,#cybersecurity https://t.co/DprOxIJAxp https://
@CveFindCom
8 Jul 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40736 A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of admin… https://t.co/1ine0vWyoF
@CVEnew
8 Jul 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes