CVE-2026-27661
CVE-2026-27661
In short
SINEC Security Monitor versions before 4.9.0 leak sensitive information like contributor names and email addresses in file metadata on the server. This exposure could help attackers gather intelligence about the organization and its personnel.
Technical detail
The vulnerability involves information disclosure through metadata on SSM Server in SINEC Security Monitor versions < 4.9.0. Attackers with access to server files or metadata can extract confidential details such as contributor names and email addresses. This information exposure can facilitate social engineering and reconnaissance attacks.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Siemens · SINEC Security MonitorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →