Vulnerability-Lookup

CNVD-2026-07568

Vulnerability from cnvd - Published: 2026-01-28

Title

Siemens Altair Grid Engine信息泄露漏洞

Description

Siemens Altair Grid Engine是美国Siemens公司的一个分布式资源管理系统。 Siemens Altair Grid Engine存在信息泄露漏洞，该漏洞源于错误处理不当，攻击者可利用该漏洞提取特权账户的密码哈希值。

Severity

中

Patch Name

Siemens Altair Grid Engine信息泄露漏洞的补丁

Patch Description

Siemens Altair Grid Engine是美国Siemens公司的一个分布式资源管理系统。 Siemens Altair Grid Engine存在信息泄露漏洞，该漏洞源于错误处理不当，攻击者可利用该漏洞提取特权账户的密码哈希值。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/html/ssa-514895.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-514895.html

Impacted products

Name
SIEMENS Altair Grid Engine <v2026.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-40760",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-40760"
    }
  },
  "description": "Siemens Altair Grid Engine\u662f\u7f8e\u56fdSiemens\u516c\u53f8\u7684\u4e00\u4e2a\u5206\u5e03\u5f0f\u8d44\u6e90\u7ba1\u7406\u7cfb\u7edf\u3002\n\nSiemens Altair Grid Engine\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u53d6\u7279\u6743\u8d26\u6237\u7684\u5bc6\u7801\u54c8\u5e0c\u503c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-514895.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-07568",
  "openTime": "2026-01-28",
  "patchDescription": "Siemens Altair Grid Engine\u662f\u7f8e\u56fdSiemens\u516c\u53f8\u7684\u4e00\u4e2a\u5206\u5e03\u5f0f\u8d44\u6e90\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nSiemens Altair Grid Engine\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u53d6\u7279\u6743\u8d26\u6237\u7684\u5bc6\u7801\u54c8\u5e0c\u503c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Altair Grid Engine\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS Altair Grid Engine \u003cv2026.0.0"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-514895.html",
  "serverity": "\u4e2d",
  "submitTime": "2025-11-14",
  "title": "Siemens Altair Grid Engine\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2025-40760 (GCVE-0-2025-40760)

Vulnerability from cvelistv5 – Published: 2025-11-11 20:20 – Updated: 2025-11-12 19:30

Summary

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

	Vendor	Product	Version
	Siemens	Altair Grid Engine	Affected: 0 , < V2026.0.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T19:11:51.267535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T19:30:50.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Altair Grid Engine",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2026.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Altair Grid Engine (All versions \u003c V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests.\r\nThis could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T20:20:35.579Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-514895.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40760",
    "datePublished": "2025-11-11T20:20:35.579Z",
    "dateReserved": "2025-04-16T08:39:30.032Z",
    "dateUpdated": "2025-11-12T19:30:50.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-07568

CVE-2025-40760 (GCVE-0-2025-40760)

Tags

Sightings

Nomenclature