top of page
perceptive_background_267k.jpg

Siemens SINEC NMS

Published:

21 April 2026 at 12:00:00

Alert date:

21 April 2026 at 18:10:28

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Network Infrastructure, Enterprise Applications

Siemens SINEC NMS contains an authentication bypass vulnerability (CVE-2026-24032) when used with User Management Component (UMC). The vulnerability allows unauthenticated remote attackers to bypass authentication and gain unauthorized access due to insufficient validation of user identity. CVSS score is 7.3 (HIGH). Siemens has released version 4.0 SP3 to address the issue. The vulnerability affects critical manufacturing infrastructure worldwide and was categorized as CWE-347 (Improper Verification of Cryptographic Signature).

Technical details

Mitigation steps:

Affected products:

Siemens SINEC NMS

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-03
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-03.json
https://www.cve.org/CVERecord?id=CVE-2026-24032
https://support.industry.siemens.com/cs/ww/en/view/110000760/
https://cwe.mitre.org/data/definitions/347.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
https://www.siemens.com/cert/operational-guidelines-industrial-security
https://www.siemens.com/industrialsecurity
https://www.siemens.com/cert/advisories
https://www.siemens.com/productcert/terms-of-use
https://www.cisa.gov/notification
https://www.cisa.gov/privacy-policy

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page