Every CVE whose affected-product data names Siemens Sinec Nms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2021-39275 — CVSS 9.8 (critical): ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these…
CVE-2025-40736 — CVSS 9.8 (critical): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an…
CVE-2021-33725 — CVSS 9.1 (critical): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files…
CVE-2021-33724 — CVSS 9.1 (critical): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File…
CVE-2024-41940 — CVSS 9.1 (critical): A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a…
CVE-2025-40735 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could…
CVE-2024-23811 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files…
CVE-2024-23810 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This…
CVE-2025-40755 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through…
CVE-2021-33729 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import…
CVE-2025-40738 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when…
CVE-2025-40737 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when…
CVE-2024-41939 — CVSS 8.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization…
CVE-2024-47808 — CVSS 8.4 (high): A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that…
CVE-2024-23812 — CVSS 8.0 (high): A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special…
CVE-2022-30527 — CVSS 7.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific…
CVE-2024-36398 — CVSS 7.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT…
CVE-2026-25655 — CVSS 7.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a…
CVE-2026-25656 — CVSS 7.8 (high): A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The…
CVE-2021-34798 — CVSS 7.5 (high): Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-33726 — CVSS 7.5 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files…
CVE-2025-30174 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions <…
CVE-2025-30175 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions <…
CVE-2025-30176 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions <…
CVE-2021-33732 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33728 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that…
CVE-2021-33733 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33731 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33736 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33735 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33730 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-33734 — CVSS 7.2 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute…
CVE-2021-42550 — CVSS 6.6 (medium): In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious…
CVE-2021-33723 — CVSS 6.5 (medium): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user…
CVE-2021-33727 — CVSS 6.5 (medium): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user…
CVE-2021-3449 — CVSS 5.9 (medium): An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation…
CVE-2024-41938 — CVSS 5.5 (medium): A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web…
CVE-2021-33722 — CVSS 4.9 (medium): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability…
CVE-2023-44315 — CVSS 4.7 (medium): A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP…
CVE-2024-41941 — CVSS 4.3 (medium): A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization…