ID

VAR-202507-0068


CVE

CVE-2025-40735


TITLE

SQL injection vulnerability in Siemens' SINEC NMS

Trust: 0.8

sources: JVNDB: JVNDB-2025-012192

DESCRIPTION

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. Siemens' SINEC NMS contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany. The system can be used to centrally monitor, manage and configure industrial networks with tens of thousands of devices around the clock, including security-related areas.

Trust: 2.16

sources: NVD: CVE-2025-40735 // JVNDB: JVNDB-2025-012192 // CNVD: CNVD-2025-16630

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16630

AFFECTED PRODUCTS

vendor: siemens, model: sinec nms, scope: lt, version: 4.0

Trust: 1.0

vendor: シーメンス, model: sinec nms, scope: eq, version: 4.0

Trust: 0.8

vendor: シーメンス, model: sinec nms, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinec nms, scope: -, version: -

Trust: 0.8

vendor: siemens, model: sinec nms, scope: lt, version: v4.0

Trust: 0.6

sources: CNVD: CNVD-2025-16630 // JVNDB: JVNDB-2025-012192 // NVD: CVE-2025-40735

CVSS

SEVERITY

productcert@siemens.com: CVE-2025-40735
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-012192
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-16630
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-16630
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2025-40735
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012192
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16630 // JVNDB: JVNDB-2025-012192 // NVD: CVE-2025-40735

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

problemtype: SQL injection (CWE-89) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012192 // NVD: CVE-2025-40735

PATCH

title: Patch for Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2025-16630), url: https://www.cnvd.org.cn/patchInfo/show/711171

Trust: 0.6

sources: CNVD: CNVD-2025-16630

EXTERNAL IDS

db: NVD, id: CVE-2025-40735

Trust: 3.2

db: SIEMENS, id: SSA-078892

Trust: 2.4

db: ICS CERT, id: ICSA-25-191-01

Trust: 0.8

db: JVN, id: JVNVU99667406

Trust: 0.8

db: JVNDB, id: JVNDB-2025-012192

Trust: 0.8

db: CNVD, id: CNVD-2025-16630

Trust: 0.6

sources: CNVD: CNVD-2025-16630 // JVNDB: JVNDB-2025-012192 // NVD: CVE-2025-40735

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-078892.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99667406/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-40735

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-01

Trust: 0.8

sources: CNVD: CNVD-2025-16630 // JVNDB: JVNDB-2025-012192 // NVD: CVE-2025-40735

SOURCES

db: CNVD, id: CNVD-2025-16630
db: JVNDB, id: JVNDB-2025-012192
db: NVD, id: CVE-2025-40735

LAST UPDATE DATE

2025-08-26T19:39:24.788000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-16630, date: 2025-07-22T00:00:00
db: JVNDB, id: JVNDB-2025-012192, date: 2025-08-25T01:09:00
db: NVD, id: CVE-2025-40735, date: 2025-08-21T15:10:29.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-16630, date: 2025-07-22T00:00:00
db: JVNDB, id: JVNDB-2025-012192, date: 2025-08-25T00:00:00
db: NVD, id: CVE-2025-40735, date: 2025-07-08T11:15:29.657