CVE-2021-33727

Published: Oct 12, 2021Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

Affected (4)

Products: Siemens: Sinec Nms

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Nms	Before 1.0
Siemens Sinec Nms	Version 1.0
Siemens Sinec Nms	Version 1.0 sp1
Siemens Sinec Nms	Version 1.0 sp2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.