VDB
SSA-311973
SSA-311973
PUBLISHED
CVSS 7.800000190734863 HIGH
Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| User Management Component (UMC) | ||
| SINEC NMS |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-311973.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-311973.json (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109998317/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109996127/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/110000760/ (circl)
Timeline
- Feb 10, 2026 CVE Published
- Apr 14, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-311973.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-311973.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109998317/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109996127/ fix
- https://support.industry.siemens.com/cs/ww/en/view/110000760/ fix