{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25654", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2026-02-04T06:26:41.260Z", "datePublished": "2026-04-14T08:40:41.053Z", "dateUpdated": "2026-04-14T13:46:23.821Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:41.053Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account."}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0 SP3", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T13:45:48.504947Z", "id": "CVE-2026-25654", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:46:23.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T13:45:48.504947Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:46:21.224Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0 SP3", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:41.053Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25654", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:46:23.821Z", "dateReserved": "2026-02-04T06:26:41.260Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-04-14T08:40:41.053Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account."}], "id": "CVE-2026-25654", "lastModified": "2026-04-14T09:16:35.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-04-14T09:16:35.150", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V4.0 SP3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SINEC NMS", "source": "cna", "vendor": "Siemens"}, "product": "sinec-nms", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-04-14T10:21:12.033878+00:00", "value": {"mitigation_remediation": ["Upgrade to Siemens SINEC NMS version 4.0 SP3 or later where the issue is fixed.", "If an upgrade is not immediately possible, restrict network access to the password reset service and monitor for unauthorized reset attempts.", "Review and enforce proper role\u2011based access controls on all endpoints to prevent privilege escalation.", "Validate that all password reset workflows enforce the correct user authorization checks."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation / Account Takeover"}, "threat_synthesis": {"affected_systems": "The affected products are Siemens SINEC NMS, all versions earlier than 4.0 Service Pack 3.\nNo additional vendor or version details are specified beyond the general family and version threshold.\n", "description_and_impact": "An authorization flaw in Siemens SINEC NMS versions prior to V4.0 SP3 allows an authenticated attacker to craft a password reset request that bypasses user authorization checks. This flaw lets the attacker reset the password of any user account without needing proper clearance, potentially compromising system authentication and data.\nThe vulnerability stems from missing validation of user permissions during the reset process and is categorized as CWE-639.\nIf exploited, an attacker could take over user accounts, access restricted resources, and sabotage or exfiltrate data, effectively leading to a full account takeover.\n", "risk_and_exploitability": "The CVSS v3.1 score of 8.7 indicates high severity; however the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog.\nThe likely attack vector is a remote, authenticated request to the password reset endpoint.\nExploitation requires the attacker to have valid credentials or otherwise be able to authenticate to the system, after which the flaw can be leveraged to reset any user account.\n"}}}}, "created": "2026-04-14T16:15:42.664366+00:00", "title": "Unauthorized Password Reset in Siemens SINEC NMS", "updated": "2026-04-14T16:30:39.558339+00:00", "vendors": ["siemens", "siemens$PRODUCT$sinec-nms"]}