CVE-2025-40831 | THREATINT

Description

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner siemens

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

Product status

Default status

unknown

Any version before V4.10.0

affected

References

cert-portal.siemens.com/productcert/html/ssa-882673.html

cve.org (CVE-2025-40831)

nvd.nist.gov (CVE-2025-40831)

Download JSON