ICSA-21-222-04 — Vulnetix

ICSA-21-222-04 PUBLISHED CVSS 7.199999809265137 HIGH

The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SINEC NMS

Timeline

Aug 10, 2021 CVE Published
May 6, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-756744.json advisory
https://cert-portal.siemens.com/productcert/txt/ssa-756744.txt advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-222-04.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-21-222-04 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://support.industry.siemens.com/cs/ww/en/view/109797645/ fix

Open in Interactive Console →