CVE-2026-25656
Analyzed Analyzed - Analysis Complete
Improper Configuration File Modification in SINEC NMS Enables SYSTEM Code Execution

Publication date: 2026-02-10

Last updated on: 2026-04-14

Assigner: Siemens AG

Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25656
EUVD
EUVD-2026-6890
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
siemens sinec_nms *
siemens user_management_component to 2.15.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The CVE-2026-25656 vulnerability affects Siemens' User Management Component (UMC) and SINEC NMS products. It is a local privilege escalation vulnerability that allows a low-privileged attacker to improperly modify a configuration file."}, {'type': 'paragraph', 'content': 'This improper modification enables the attacker to load malicious DLLs, which can lead to arbitrary code execution with SYSTEM-level privileges.'}, {'type': 'paragraph', 'content': 'The vulnerability is identified by CWE-427 (Uncontrolled Search Path Element) and has a high severity score according to CVSS v3.1 and v4.0.'}] [1]

Impact Analysis

This vulnerability can allow an attacker with low privileges to escalate their privileges to SYSTEM level by loading malicious DLLs through improper modification of a configuration file.

As a result, the attacker could execute arbitrary code with the highest system privileges, potentially compromising the entire affected system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2026-25656 vulnerability, it is strongly recommended to update the User Management Component (UMC) to version 2.15.2.1 or later, as Siemens has released this version to address the issue.'}, {'type': 'paragraph', 'content': "Additionally, protect network access to affected devices and follow Siemens' operational guidelines for Industrial Security to reduce the risk of exploitation."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25656. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart