Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)
Published: 2026-02-10
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw permits a low‑privileged user to modify the Siemens SINEC NMS configuration file, enabling the injection of malicious DLLs. When the application loads these libraries, it can execute arbitrary code with administrative rights, effectively allowing full system compromise. This weakness corresponds to the directory traversal/path manipulation mechanisms identified as CWE‑427.

Affected Systems

Siemens SINEC NMS versions older than 4.0 Service Pack 2 are affected. The vulnerability is present in all releases prior to that, including the 4.0.0 baseline and its sp1 revision. Only the Siemens SINEC NMS product is impacted.

Risk and Exploitability

The CVSS score of 8.5 reflects a high impact and ease of exploitation, yet the EPSS rating of less than 1% suggests it is unlikely to be attacked in the wild at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would need local access with low privileges, then modify a configuration file to point to a malicious DLL, after which the service runs the code with elevated privileges.

Generated by OpenCVE AI on April 17, 2026 at 20:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Siemens SINEC NMS 4.0 SP2 or later to eliminate the flaw.
  • Restrict write permissions on the configuration file so that only administrative users can modify it.
  • Implement file integrity monitoring on the configuration file to detect unauthorized changes.

Generated by OpenCVE AI on April 17, 2026 at 20:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Configuration File Modification Leads to Arbitrary Code Execution in Siemens SINEC NMS

Thu, 12 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens sinec Nms
CPEs cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:4.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:4.0:sp1:*:*:*:*:*:*
Vendors & Products Siemens sinec Nms

Tue, 10 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sinec-nms
Vendors & Products Siemens
Siemens sinec-nms

Tue, 10 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Sinec-nms Sinec Nms
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-02-10T15:04:34.226Z

Reserved: 2026-02-04T12:39:06.285Z

Link: CVE-2026-25655

cve-icon Vulnrichment

Updated: 2026-02-10T15:04:24.980Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T10:15:59.700

Modified: 2026-02-12T15:27:28.540

Link: CVE-2026-25655

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses