CVE-2021-33727

MEDIUM

SINEC NMS <V1.0 SP2 Update 1 - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 55.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
siemens/sinec_nms 1.0 (3 CPE variants)
siemens/sinec_nms < 1.0
Published Oct 12, 2021
Tracked Since Feb 18, 2026