Authentication Vulnerability in SINEC NMS by Siemens
CVE-2026-24032

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Nms
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-24032?

A security flaw has been discovered in SINEC NMS that allows potential attackers to exploit insufficient user identity validation within the UMC component. This vulnerability puts user accounts at risk by enabling unauthenticated remote access, thereby compromising the integrity and security of the application. It's crucial for users of SINEC NMS versions below V4.0 SP3 to take immediate actions to secure their systems against this threat.

Affected Version(s)

SINEC NMS 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8017...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Jan 20, 2026

CVE-2026-24032 Data

JSON