Siemens SINEC NMS

Title: Siemens SINEC NMS | CISA

URL Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-09

Markdown Content: # Siemens SINEC NMS | CISA

An official website of the United States government

Here’s how you know

Here’s how you know

**Official websites use .gov**

A **.gov** website belongs to an official government organization in the United States.

**Secure .gov websites use HTTPS**

A **lock** () or **https://** means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

**Due to the lapse in federal funding, this website will not be actively managed.**[**Read More**](https://go.dhs.gov/lapse-2026)

[no-cost Cyber Services](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools "Free Cyber Services")[Secure by design](https://www.cisa.gov/securebydesign)[Secure Your Business](https://www.cisa.gov/secureyourbusiness)[Shields Up](https://www.cisa.gov/node/8056)[Report A Cyber Issue](https://www.cisa.gov/report)

Search

[×](javascript:void(0) "Clear search box")

Menu

Close

[×](javascript:void(0) "Clear search box")

* Topics[Topics](https://www.cisa.gov/topics) [Cybersecurity Best Practices](https://www.cisa.gov/topics/cybersecurity-best-practices) [Cyber Threats and Response](https://www.cisa.gov/topics/cyber-threats-and-response) [Critical Infrastructure Security and Resilience](https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience) [Election Security](https://www.cisa.gov/topics/election-security) [Emergency Communications](https://www.cisa.gov/topics/emergency-communications) [Industrial Control Systems](https://www.cisa.gov/topics/industrial-control-systems) [Information and Communications Technology Supply Chain Security](https://www.cisa.gov/topics/information-communications-technology-supply-chain-security) [Partnerships and Collaboration](https://www.cisa.gov/topics/partnerships-and-collaboration) [Physical Security](https://www.cisa.gov/topics/physical-security) [Risk Management](https://www.cisa.gov/topics/risk-management) [How can we help?](https://www.cisa.gov/audiences) [Government](https://www.cisa.gov/topics/government)[Educational Institutions](https://www.cisa.gov/topics/educational-institutions)[Industry](https://www.cisa.gov/topics/industry)[State, Local, Tribal, and […]

[… 7,842 Zeichen — nächste Zone: keyword-dense paragraphs …]

**SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.**

| CVSS Version | Base Score | Base Severity | Vector String | | --- | --- | --- | --- | | **CVSS Version**3.1 | **Base Score**8.8 | **Base Severity**HIGH | **Vector String**[CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H "(opens in a new window)") |

| CVSS | Vendor | Equipment | Vulnerabilities | | --- | --- | --- | --- | | **CVSS**v3 8.8 | **Vendor**Siemens | **Equipment**Siemens SINEC NMS | **Vulnerabilities**Authorization Bypass Through User-Controlled Key |

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

This ICSA is a verbatim republication of Siemens ProductCERT SSA-605717 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service.

1. [Home](https://www.cisa.gov/) 2. [News & Events](https://www.cisa.gov/news-eve […]

[… 7,432 Zeichen — nächste Zone: tail …]

ICS Advisory | ICSA-26-111-12

### [SenseLive X3050](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12)

[Return to top](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-09#top)

* [Topics](https://www.cisa.gov/topics) * [Spotlight](https://www.cisa.gov/spotlight) * [Resources & Tools](https://www.cisa.gov/resources-tools) * [News & Events](https://www.cisa.gov/news-events) * [Careers](https://www.cisa.gov/careers) * [About](https://www.cisa.gov/about)

[Cybersecurity & Infrastructure Security Agency](https://www.cisa.gov/ "Go to the Cybersecurity & Infrastructure Security Agency homepage")

* [Facebook](https://www.facebook.com/CISA) * [X](https://x.com/CISAgov) * [LinkedIn](https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency) * [YouTube](https://www.youtube.com/@cisagov) * [Instagram](https://www.instagram.com/cisagov) * [RSS](https://www.cisa.gov/subscribe-updates-cisa)

CISA Central[1-844-Say-CISA](tel:1-844-Say-CISA)[contact@cisa.dhs.gov](mailto:contact@cisa.dhs.gov)

DHS Seal

CISA.gov

An official website of the U.S. Department of Homeland Security

* [About CISA](https://www.cisa.gov/about "About CISA") * [Budget and Performance](https://www.dhs.gov/performance-financial-reports "Budget and Performance") * [DHS.gov](https://www.dhs.gov/ "Department of Homeland Security") * [FOIA Requests](https://www.dhs.gov/foia "FOIA Requests") * [No FEAR Act](https://www.cisa.gov/no-fear-act "No FEAR Act Reporting") * [Office of Inspector General](https://www.oig.dhs.gov/ "Office of Inspector General") * [Privacy Policy](https://www.cisa.gov/privacy-policy "Privacy Policy") * [Subscribe](https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138 "Subscribe to Email Updates") * [The White House](https://www.whitehouse.gov/ "The White House") * [USA.gov](https://www.usa.gov/ "USA.gov") * [Website Feedback](https://www.cisa.gov/forms/feedback "Website Feedback")