HIGHCVE-2026-25655Published 2026-02-10Modified 2026-02-10CNA siemens

CVE-2026-25655: A vulnerability has been identified in SINEC NMS (All versions < V4

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: V4.0 SP2
Affected Products: 1

Fix available

V4.0 SP2

Affected packages

Siemens / SINEC NMS
< V4.0 SP2 (from 0)

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

cert-portal.siemens.com

Metrics

Fix available