Cyber Resilience

CVE-2026-25656

High

Published: 10 February 2026

Published
10 February 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0024 14.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-25656 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Siemens Sinec Nms. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 14.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2026-25656 affects SINEC NMS in all versions prior to V4.0 SP3 and the User Management Component (UMC) in all versions prior to V2.15.2.1. The vulnerability stems from improper modification of a configuration file by a low-privileged user (CWE-427), enabling the loading of malicious DLLs. This can potentially lead to arbitrary code execution with SYSTEM privileges. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-10.

A low-privileged local user can exploit the issue by altering the configuration file to reference a malicious DLL, requiring low attack complexity with no user interaction. Successful exploitation grants arbitrary code execution at SYSTEM privilege level, resulting in high impacts to confidentiality, integrity, and availability.

Siemens has published security advisory SSA-311973 at https://cert-portal.siemens.com/productcert/html/ssa-311973.html, which details the vulnerability and associated mitigations. The issue is canonically reported as ZDI-CAN-28108.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker…

more

to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability (CWE-427) allows low-privileged modification of a config file to force loading of attacker-supplied malicious DLLs, directly enabling DLL Side-Loading (T1574.002) that results in arbitrary code execution as SYSTEM and is therefore also Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25655Same product: Siemens Sinec Nms
CVE-2024-53977Same vendor: Siemens
CVE-2025-40737Same product: Siemens Sinec Nms
CVE-2025-40738Same product: Siemens Sinec Nms
CVE-2025-40735Same product: Siemens Sinec Nms
CVE-2025-40736Same product: Siemens Sinec Nms
CVE-2025-40795Same product: Siemens User Management Component
CVE-2026-7279Shared CWE-427
CVE-2024-9495Shared CWE-427
CVE-2026-24502Shared CWE-427

Affected Assets

siemens
sinec nms
all versions
siemens
user management component
≤ 2.15.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the vulnerability by applying vendor patches for SINEC NMS V4.0 SP3 and UMC V2.15.2.1 as detailed in Siemens advisory SSA-311973.

prevent

Restricts access to configuration change mechanisms, preventing low-privileged users from improperly modifying configuration files to reference malicious DLLs.

prevent

Enforces least privilege to ensure low-privileged users lack the permissions needed to modify critical configuration files leading to DLL loading and code execution.

References