Multiple vulnerabilities reported in Siemens SINEC NMS, at least one critical
Take action: If you have Siemens SINEC NMS network management systems, make sure they are isolated from the internet and accessible only from trusted networks. If you are running versions prior to V4.0, plan an update to version V4.0. There is at least one critical flaw that can easily be exploited if a hacker reaches the system. And given enough time, they will. No isolation is perfect.
Siemens AG has patched multiple security vulnerabilities in its SINEC NMS network management system that could allow attackers to elevate privileges, execute arbitrary code, and gain complete administrative control over industrial network infrastructure.
SINEC NMS is a Network Management System that can be used to centrally monitor, manage, and configure industrial networks. Such platforms are used for maintaining visibility and control over complex industrial network infrastructures.
Vulnerability summary:
- CVE-2025-40736 (CVSS score 9.8) - Missing Authentication for Critical Function. The affected application exposes an endpoint that allows unauthorized modification of administrative credentials, enabling unauthenticated attackers to reset the superadmin password and gain full control of the application.
- CVE-2025-40735 (CVSS score 8.7) - SQL Injection vulnerability. The affected devices are vulnerable to SQL injection attacks that could allow unauthenticated remote attackers to execute arbitrary SQL queries on the server database.
- CVE-2025-40737 (CVSS score 8.7) - Path Traversal vulnerability. The affected application does not properly validate file paths when extracting uploaded ZIP files, allowing attackers to write arbitrary files to restricted locations and potentially execute code with elevated privileges.
- CVE-2025-40738 (CVSS score 8.7) - Path Traversal vulnerability. Similar to CVE-2025-40737, this vulnerability involves improper validation of file paths during ZIP file extraction, enabling arbitrary file writes and potential code execution with elevated privileges.
The vulnerabilities impact SINEC NMS versions prior to V4.0.
Siemens has released SINEC NMS version V4.0 to patch the flaws and strongly recommends that users update their systems. As a general security measure, Siemens recommends protecting network access to devices and configuring environments according to Siemens' operational guidelines for industrial security.