Vulnerability Details CVE-2026-25656
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.3%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-25656
-
cpe:2.3:a:siemens:sinec_nms:-
-
cpe:2.3:a:siemens:user_management_component:*