CVE-2026-25656
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
1th
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
| CWE | CWE-427 |
| Vendor | siemens |
| Product | sinec nms |
| Ecosystems | |
| Industries | IndustrialManufacturing |
| Published | Feb 10, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for siemens sinec nms
Be the first to know when new high vulnerabilities affecting siemens sinec nms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Siemens / SINEC NMS
0 < V4.0 SP3
Siemens / User Management Component (UMC)
0 < V2.15.2.1