Siemens SINEC NMS

Plan PatchCVSS 7.8ICS-CERT ICSA-26-043-01Feb 10, 2026

Siemens

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Siemens SINEC NMS and User Management Component (UMC) contain local privilege escalation vulnerabilities (CWE-427: Untrusted Search Path). An attacker with a low-privilege user account can load malicious DLLs and execute arbitrary code with elevated system privileges. The vulnerability affects SINEC NMS versions before 4.0 SP2 and UMC versions before 2.15.2.1.

What this means

What could happen

An attacker with local access to a SINEC NMS workstation could run malicious code with elevated system privileges, potentially compromising the entire NMS system and allowing manipulation of network management functions across connected industrial equipment.

Who's at risk

Siemens SINEC NMS operators and network management teams. Affects organizations using SINEC NMS for industrial network management (power systems, water utilities, manufacturing) where the NMS workstations are shared among multiple users or accessible to contractors and service personnel.

How it could be exploited

An attacker with a low-privilege user account on a SINEC NMS workstation can exploit a DLL loading vulnerability to inject malicious code. The vulnerability is triggered during normal application operation, causing the elevated-privilege process to load and execute the attacker's malicious DLL.

Prerequisites

Local user account on the SINEC NMS workstation (low-privilege account is sufficient)
Write access to a location where the application searches for DLLs (typically achieved through the user's home directory or temp folder)

local exploitation only (no remote access)requires valid user accountlow attack complexityaffects network management system (can impact multiple controlled devices)

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SINEC NMS<V4.0 SP24.0 SP2

User Management Component (UMC)< 2.15.2.12.15.2.1

SINEC NMSAll versions4.0 SP2

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SINEC NMS

HOTFIXUpdate SINEC NMS to version 4.0 SP2 or later

User Management Component (UMC)

HOTFIXUpdate User Management Component (UMC) to version 2.15.2.1 or later

Long-term hardening

0/2

SINEC NMS

HARDENINGRestrict local user account creation on SINEC NMS workstations to authorized personnel only

HARDENINGImplement file integrity monitoring on SINEC NMS workstations to detect unauthorized DLL placement in application directories

CVEs (2)

CVE-2026-25655 CVE-2026-25656

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/23b71e10-389e-4d0e-a2ed-ddf0241cc76a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.