CVE-2025-40831
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: Siemens AG
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | sinec_security_monitor | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SINEC Security Monitor versions before 4.10.0, where the application does not properly validate the date parameter in its report generation feature. An authenticated user with low privileges can exploit this flaw to cause a denial of service (DoS) condition in the report functionality.
How can this vulnerability impact me?
The vulnerability can be exploited by a low-privileged authenticated attacker to disrupt the report generation functionality, causing a denial of service. This means legitimate users may be unable to generate reports, potentially impacting monitoring and operational activities.
What immediate steps should I take to mitigate this vulnerability?
Update SINEC Security Monitor to version 4.10.0 or later to remediate the vulnerability. [1]