CVE-2026-24032 — Vulnetix

CVE-2026-24032 PUBLISHED CVSS 7.300000190734863 HIGH

Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. The following versions of Siemens SINEC NMS are affected: SINEC NMS CVSS Vendor Equipment Vulnerabilities v3 7.3 Siemens Siemens SINEC NMS Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 PoC Published
Apr 14, 2026 PoC Published
Apr 14, 2026 Security Advisory
Apr 14, 2026 CVE Updated

References

Open in Interactive Console →