PT-2025-49839 · Siemens · Sinec Security Monitor

Published: 2025-12-09 · Updated: 2025-12-09 · CVE-2025-40830

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SINEC Security Monitor versions prior to 4.10.0
Description: The application lacks appropriate authorization controls for the file transfer feature within the ssmctl-client command. This could enable an authenticated, low-privilege local attacker to read or write any file on the server or sensor.
Recommendations: Update to version 4.10.0 or later.

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-15617
CVE-2025-40830

Affected Products

Sinec Security Monitor