CVE-2025-40736
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-21
Assigner: Siemens AG
Description
Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | sinec_nms | to 4.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SINEC NMS versions prior to 4.0, where an exposed endpoint allows an attacker to modify administrative credentials without authentication. This means an unauthenticated attacker can reset the superadmin password and gain full control over the application.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain full administrative access to the SINEC NMS application, potentially leading to unauthorized control, data manipulation, disruption of services, and compromise of sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70