{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25656", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2026-02-04T12:39:06.286Z", "datePublished": "2026-02-10T09:58:55.243Z", "dateUpdated": "2026-04-14T08:40:44.535Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:44.535Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.\r\nThis could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)"}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0 SP3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "User Management Component (UMC)", "versions": [{"status": "affected", "version": "0", "lessThan": "V2.15.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 8.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-311973.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:02:46.316399Z", "id": "CVE-2026-25656", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:03:26.326Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25656", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T15:02:46.316399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:03:04.096Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "SINEC NMS", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0 SP3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "User Management Component (UMC)", "versions": [{"status": "affected", "version": "0", "lessThan": "V2.15.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-311973.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.\r\nThis could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:44.535Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25656", "state": "PUBLISHED", "dateUpdated": "2026-04-14T08:40:44.535Z", "dateReserved": "2026-02-04T12:39:06.286Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-02-10T09:58:55.243Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FA9CD9F-B0E7-41E4-9383-2F212DDCBBA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1CEBC6-7D60-4929-B802-62C990201D12", "versionEndExcluding": "2.15.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.\r\nThis could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones), Componente de Gesti\u00f3n de Usuarios (UMC) (Todas las versiones &lt; V2.15.2.1). La aplicaci\u00f3n afectada permite la modificaci\u00f3n indebida de un archivo de configuraci\u00f3n por parte de un usuario con pocos privilegios.\nEsto podr\u00eda permitir a un atacante cargar DLLs maliciosas, lo que podr\u00eda llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de SYSTEM.(ZDI-CAN-28108)"}], "id": "CVE-2026-25656", "lastModified": "2026-04-14T09:16:35.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-02-10T10:15:59.880", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-311973.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "sinec-nms", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2.15.2.1)"}}], "product": "user_management_component", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-04-15T15:14:43.027368+00:00", "value": {"mitigation_remediation": ["Upgrade Siemens SINEC NMS to version V4.0 SP3 or later.", "Upgrade the User Management Component to version V2.15.2.1 or later.", "Restrict file permissions on configuration files to prevent modification by low\u2011privileged users."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "Siemens SINEC NMS versions earlier than V4.0 SP3; Siemens User Management Component versions earlier than V2.15.2.1.", "description_and_impact": "The vulnerability allows a low\u2011privileged user to modify a configuration file in Siemens SINEC NMS and the User Management Component. This can lead to loading malicious DLLs and executing arbitrary code with SYSTEM privileges. The weakness is identified as CWE\u2011427, an uncontrolled search path element.", "risk_and_exploitability": "The CVSS v3 score is 8.5, indicating high severity. The EPSS score is below 1\u202f%, showing a very low exploitation probability at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; a user with limited privileges needs only write access to the configuration file to trigger the exploit and can elevate privileges to SYSTEM through malicious DLL loading."}}}}, "created": "2026-02-10T12:23:29.582436+00:00", "title": "Improper Configuration File Modification Allows Arbitrary Code Execution with Elevated Privileges", "updated": "2026-04-15T17:45:10.848420+00:00", "vendors": ["siemens", "siemens$PRODUCT$sinec-nms", "siemens$PRODUCT$user_management_component"]}