CVE-2026-25656
published 2026-02-10CVE-2026-25656: A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits…
high8.5CVSS 4.0
AVLACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinec_nms | < V4.0 SP3 | V4.0 SP3 |
| siemens | user_management_component | < V2.15.2.1 | V2.15.2.1 |
| siemens | user_management_component | < 2.15.2.1 | 2.15.2.1 |