Siemens SINEC NMS

Plan Patch7.8ICS-CERT ICSA-26-043-01Feb 10, 2026

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Two local privilege escalation vulnerabilities in SINEC NMS allow a low-privileged local user to load malicious DLLs and execute arbitrary code with elevated privileges. The vulnerabilities stem from insecure DLL loading practices (CWE-427). SINEC NMS versions below 4.0 SP2 and User Management Component versions below 2.15.2.1 are affected. Siemens has released patches for both components.

What this means

What could happen

An attacker with local access to a workstation running SINEC NMS could load malicious DLLs to gain administrative privileges and run arbitrary commands, potentially allowing them to modify network configuration or disrupt operations.

Who's at risk

Organizations using Siemens SINEC NMS (network management system for industrial automation) are affected, particularly those running versions before 4.0 SP2. The vulnerability affects engineering workstations and management servers that manage critical network infrastructure in manufacturing, utilities, and other industrial facilities.

How it could be exploited

An attacker with local user access exploits a DLL loading vulnerability (insecure library search path or uncontrolled DLL load) by placing a malicious DLL in a location where SINEC NMS searches during startup. When the application runs, it loads the attacker's DLL with elevated privileges, giving the attacker code execution as an administrator.

Prerequisites

Local user account on the workstation running SINEC NMS
Ability to write files to a directory in the DLL search path (typically the application directory or Windows system directory)
SINEC NMS versions before 4.0 SP2 or unpatched UMC versions before 2.15.2.1

Local privilege escalationArbitrary code executionLow complexity attackDefault Windows DLL search behavior exploitableAffects system management software

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SINEC NMS<V4.0 SP24.0 SP2

User Management Component (UMC)< 2.15.2.12.15.2.1

SINEC NMSAll versions4.0 SP2

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SINEC NMS

HOTFIXUpdate SINEC NMS to version 4.0 SP2 or later

User Management Component (UMC)

HOTFIXUpdate User Management Component (UMC) to version 2.15.2.1 or later

Long-term hardening

0/2

SINEC NMS

HARDENINGRestrict local user account creation and access to workstations running SINEC NMS to authorized personnel only

HARDENINGMonitor file system changes in SINEC NMS application directories for unauthorized DLL creation

CVEs (2)

CVE-2026-25655 CVE-2026-25656

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/23b71e10-389e-4d0e-a2ed-ddf0241cc76a