CVE-2025-40736

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-078892.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*

History

21 Aug 2025, 15:10

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-078892.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-078892.html - Vendor Advisory
First Time		Siemens sinec Nms Siemens
CPE		cpe:2.3:a:siemens:sinec_nms::::::::

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 11:15

Updated : 2025-08-21 15:10

NVD link : CVE-2025-40736

Mitre link : CVE-2025-40736

CVE.ORG link : CVE-2025-40736

JSON object : View

Products Affected

siemens

sinec_nms

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-40736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-08T11:15:29.837", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-078892.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569)."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC NMS (todas las versiones anteriores a la V4.0). La aplicaci\u00f3n afectada expone un endpoint que permite la modificaci\u00f3n no autorizada de credenciales administrativas. Esto podr\u00eda permitir que un atacante no autenticado restablezca la contrase\u00f1a de superadministrador y obtenga el control total de la aplicaci\u00f3n (ZDI-CAN-26569)."}], "lastModified": "2025-08-21T15:10:33.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B9143A8-0ED9-467A-9138-2D2CCB9ADC84", "versionEndExcluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}