CVE-2026-24032_CVE-2026-24032

7.3 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.
This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)

Basic Information

ID CVE-2026-24032

Source siemens

Published Apr 14, 2026 at 08:40

Affected Product

Vendor Siemens

Product SINEC NMS

Affected Versions Siemens SINEC NMS 0

CWE Classification

CWE-347

References

cert-portal.siemens.com /productcert/html/ssa-801704.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.\r\nThis could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)",
    "published": "2026-04-14T08:40:39.853Z",
    "modified": "2026-04-14T08:40:39.853Z",
    "type": "cve",
    "title": "CVE-2026-24032",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-801704.html",
    "id": "CVE-2026-24032",
    "bulletinFamily": "",
    "cwe": [
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "Siemens SINEC NMS 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SINEC NMS",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}