SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an authenticated attacker to import firmware containers into the affected system and execute arbitrary commands in the local database.