Description
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.
Published: 2026-03-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via metadata leakage in SINEC Security Monitor
Action: Patch
AI Analysis

Impact

A flaw in SINEC Security Monitor causes confidential data such as contributor details and email addresses to be exposed through metadata on the SSM Server, creating an information‑disclosure risk that can compromise confidentiality of the system’s internal records. This weakness originates from improper handling of sensitive metadata (CWE‑1230).

Affected Systems

The Siemens SINEC Security Monitor application is affected, specifically all releases older than version 4.9.0. No other products or versions were identified as vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity; the EPSS score of less than 1% suggests low likelihood of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be exploitation of the SSM Server’s metadata exposure, likely by any user able to query or read the server’s metadata files. While no active exploitation path is documented, the moderate score and data leakage warrant timely remediation.

Generated by OpenCVE AI on April 16, 2026 at 09:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Siemens SINEC Security Monitor to version 4.9.0 or later, or apply the vendor-released patch if available.
  • Restrict access to the SSM Server to authorized staff only, enforcing least privilege and network segmentation.
  • Remove or obfuscate sensitive metadata fields such as contributor names and email addresses from public or logged output.
  • Regularly audit system logs and configuration files for unexpected disclosures of confidential information.

Generated by OpenCVE AI on April 16, 2026 at 09:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Metadata Leak in Siemens SINEC Security Monitor

Tue, 17 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:siemens:sinec_security_monitor:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sinec Security Monitor
Vendors & Products Siemens
Siemens sinec Security Monitor

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.
Weaknesses CWE-1230
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Sinec Security Monitor
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-10T16:41:08.844Z

Reserved: 2026-02-23T10:07:00.530Z

Link: CVE-2026-27661

cve-icon Vulnrichment

Updated: 2026-03-10T16:37:51.955Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:44.767

Modified: 2026-03-17T16:23:05.467

Link: CVE-2026-27661

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T10:00:14Z

Weaknesses