Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.
Published: 2026-04-14
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation / Account Takeover
Action: Apply Patch
AI Analysis

Impact

An authorization flaw in Siemens SINEC NMS versions prior to V4.0 SP3 allows an authenticated attacker to craft a password reset request that bypasses user authorization checks. This flaw lets the attacker reset the password of any user account without needing proper clearance, potentially compromising system authentication and data. The vulnerability stems from missing validation of user permissions during the reset process and is categorized as CWE-639. If exploited, an attacker could take over user accounts, access restricted resources, and sabotage or exfiltrate data, effectively leading to a full account takeover.

Affected Systems

The affected products are Siemens SINEC NMS, all versions earlier than 4.0 Service Pack 3. No additional vendor or version details are specified beyond the general family and version threshold.

Risk and Exploitability

The CVSS v3.1 score of 8.7 indicates high severity; however the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote, authenticated request to the password reset endpoint. Exploitation requires the attacker to have valid credentials or otherwise be able to authenticate to the system, after which the flaw can be leveraged to reset any user account.

Generated by OpenCVE AI on April 14, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Siemens SINEC NMS version 4.0 SP3 or later where the issue is fixed.
  • If an upgrade is not immediately possible, restrict network access to the password reset service and monitor for unauthorized reset attempts.
  • Review and enforce proper role‑based access controls on all endpoints to prevent privilege escalation.
  • Validate that all password reset workflows enforce the correct user authorization checks.

Generated by OpenCVE AI on April 14, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Password Reset in Siemens SINEC NMS

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sinec-nms
Vendors & Products Siemens
Siemens sinec-nms

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Sinec-nms
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-04-14T13:46:23.821Z

Reserved: 2026-02-04T06:26:41.260Z

Link: CVE-2026-25654

cve-icon Vulnrichment

Updated: 2026-04-14T13:46:21.224Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-14T09:16:35.150

Modified: 2026-04-17T15:18:16.507

Link: CVE-2026-25654

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:30:39Z

Weaknesses