Siemens SINEC NMS
Summary
Siemens SINEC NMS software, prior to version V4.0 SP3, has an Authorization Bypass vulnerability (CVE-2026-25654). This flaw allows an authenticated remote attacker to reset any user's password by bypassing authorization checks. Siemens has released an update to address this issue.
IFF Assessment
The vulnerability lets an authenticated remote attacker reset any user's password without authorization, which is a significant risk for defenders because it can give the attacker broad access.
Severity
The CVSS score of 8.8 (HIGH) reflects the severity of an authorization bypass vulnerability that allows for the reset of any user's password, granting an attacker broad access.
Defender Context
This vulnerability in Siemens SINEC NMS affects critical infrastructure, specifically the Critical Manufacturing sector. Defenders should prioritize updating affected systems to V4.0 SP3 or later and implement network access controls to limit exposure. The authorization bypass flaw highlights the need for robust input validation and proper access control mechanisms in industrial control system software.
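To act on the update guidance above, the following added example (not Siemens code and not part of the original advisory) triages an asset inventory against the fixed release V4.0 SP3. The version-string shape "V<major>.<minor> SP<n>", the host names and the sample versions are assumptions made for illustration; strings that do not parse are flagged for manual review rather than treated as fixed.

```python
import re

# First fixed release named in the advisory text: V4.0 SP3.
FIXED = (4, 0, 3)

# Assumed version-string shape "V<major>.<minor>[ SP<n>]"; real inventories may differ.
_VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s*SP\s*(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, service_pack), or None if the string is not recognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, sp = m.groups()
    # A release with no service pack sorts before SP1 of the same major.minor.
    return (int(major), int(minor), int(sp or 0))


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (unknown needs manual review)."""
    result = {}
    for host, version in inventory.items():
        parsed = parse_version(version)
        if parsed is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if parsed < FIXED else "fixed"
    return result


# Constructed sample inventory; host names and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "nms-plant-a": "V4.0 SP2",
    "nms-plant-b": "V4.0 SP3",
    "nms-lab": "v3.0",
    "nms-dr": "V4.0",
    "nms-test": "V4.1",
    "nms-legacy": "unlabelled build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:18} {status}")
```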