VDB
CVE-2026-24032
CVE-2026-24032
PUBLISHED
CVSS 7.300000190734863 HIGH
Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. The following versions of Siemens SINEC NMS are affected: SINEC NMS CVSS Vendor Equipment Vulnerabilities v3 7.3 Siemens Siemens SINEC NMS Improper Verification of Cryptographic Signature Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany
EPSS 0.04% · 13.1th percentile
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.04%
13.1th percentile
Exploit Intelligence
- CIRCL seen: CVE-2026-24032 (circl-sighting)
- CIRCL seen: CVE-2026-24032 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-801704.html (circl)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 Security Advisory
- Apr 14, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-03 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-03.json advisory
- https://www.cve.org/CVERecord?id=CVE-2026-24032 technical
- https://support.industry.siemens.com/cs/ww/en/view/110000760/ vendor
- https://cwe.mitre.org/data/definitions/347.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L technical