VDB

CVE-2026-25656

CVE-2026-25656 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)

EPSS 0.01% · 1.6th percentile

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.01%
1.6th percentile

Affected Products

VendorProductVersions
siemenssinec_nms
SiemensSINEC NMS0, 0
SiemensUser Management Component (UMC)0, 0
siemensuser_management_component0, 0

Timeline

  • Feb 4, 2026 CVE ID Reserved
  • Feb 10, 2026 EPSS Score
  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 PoC Published
  • Feb 12, 2026 EPSS Score
  • Feb 12, 2026 PoC Published
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 17, 2026 PoC Published
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›