Details of VAR-202507-0070

ID

VAR-202507-0070

CVE

CVE-2025-40736

TITLE

Siemens' SINEC NMS Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2025-012062

DESCRIPTION

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569). Siemens' SINEC NMS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the reqToChangePassword method. The issue results from the lack of authentication prior to allowing access to password change functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Siemens SINEC NMS is a network management system (NMS) of Siemens, Germany. The system can be used to centrally monitor, manage and configure industrial networks with tens of thousands of devices around the clock, including security-related areas

Trust: 2.79

sources: NVD: CVE-2025-40736 // JVNDB: JVNDB-2025-012062 // ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16632

AFFECTED PRODUCTS

vendor:	siemens	model:	sinec nms	scope:	lt	version:	4.0	Trust: 1.0
vendor:	シーメンス	model:	sinec nms	scope:	eq	version:	4.0	Trust: 0.8
vendor:	シーメンス	model:	sinec nms	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec nms	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinec nms	scope:	-	version:	-	Trust: 0.7
vendor:	siemens	model:	sinec nms	scope:	lt	version:	v4.0	Trust: 0.6

sources: ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632 // JVNDB: JVNDB-2025-012062 // NVD: CVE-2025-40736

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-40736
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-012062
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2025-40736
value:	CRITICAL
Trust: 0.7
CNVD:	CNVD-2025-16632
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-16632
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2025-40736
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-012062
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2025-40736
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632 // JVNDB: JVNDB-2025-012062 // NVD: CVE-2025-40736

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-012062 // NVD: CVE-2025-40736

PATCH

title:	Siemens has issued an update to correct this vulnerability.	url:	https://cert-portal.siemens.com/productcert/html/ssa-078892.html	Trust: 0.7
title:	Patch for Siemens SINEC NMS Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/711181	Trust: 0.6

sources: ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40736	Trust: 3.9
db:	SIEMENS	id:	SSA-078892	Trust: 2.4
db:	JVN	id:	JVNVU99667406	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-191-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-012062	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-26569	Trust: 0.7
db:	ZDI	id:	ZDI-25-574	Trust: 0.7
db:	CNVD	id:	CNVD-2025-16632	Trust: 0.6

sources: ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632 // JVNDB: JVNDB-2025-012062 // NVD: CVE-2025-40736

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-078892.html	Trust: 3.1
url:	https://jvn.jp/vu/jvnvu99667406/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40736	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-01	Trust: 0.8

sources: ZDI: ZDI-25-574 // CNVD: CNVD-2025-16632 // JVNDB: JVNDB-2025-012062 // NVD: CVE-2025-40736

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-25-574

SOURCES

db:	ZDI	id:	ZDI-25-574
db:	CNVD	id:	CNVD-2025-16632
db:	JVNDB	id:	JVNDB-2025-012062
db:	NVD	id:	CVE-2025-40736

LAST UPDATE DATE

2025-08-24T22:52:23.407000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-25-574	date:	2025-07-08T00:00:00
db:	CNVD	id:	CNVD-2025-16632	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-012062	date:	2025-08-22T03:12:00
db:	NVD	id:	CVE-2025-40736	date:	2025-08-21T15:10:33.100

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-25-574	date:	2025-07-08T00:00:00
db:	CNVD	id:	CNVD-2025-16632	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-012062	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-40736	date:	2025-07-08T11:15:29.837