Siemens SINEC NMS Local Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A local privilege escalation vulnerability has been identified in Siemens SINEC NMS, affecting all versions prior to V4.0 SP2. This vulnerability allows a low-privileged user to improperly modify a configuration file, which could enable the loading of malicious DLLs. Such an action could lead to arbitrary code execution with administrative privileges.

Impact

Exploitation of this vulnerability could result in unauthorized modification of configuration files, allowing for the execution of malicious DLLs and potentially leading to arbitrary code execution with elevated privileges.

Remediation

Siemens has released a patch for this vulnerability. Users are advised to update to SINEC NMS V4.0 SP2 or later.
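An added check, not part of the original advisory and not Siemens code: until the update is installed, the PowerShell below lists configuration files and directories under the installation folder that broad low-privileged groups are allowed to modify. The installation path is a placeholder (the advisory names no file or directory), and the extension list is an assumption.

```powershell
# Added example. $InstallRoot is a placeholder: the advisory names no file or directory.
param(
    [string]$InstallRoot = 'C:\PLACEHOLDER\SINEC-NMS',
    # Assumed configuration-file extensions; adjust to the files the product actually uses.
    [string[]]$Extensions = @('.ini', '.conf', '.config', '.cfg', '.xml', '.json', '.properties')
)

# Well-known SIDs of broad, low-privileged groups (SIDs are locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal change or replace a file (on a directory: create or
# delete children), plus the raw GENERIC_WRITE / GENERIC_ALL bits Get-Acl can return.
$writeMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x40000000 -bor 0x10000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# The root folder itself, every sub-folder, and every file with a listed extension.
$items = @(Get-Item -LiteralPath $InstallRoot -ErrorAction Stop) +
         @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer -or $Extensions -contains $_.Extension.ToLower() })

foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow')   { continue }   # only Allow entries grant access
        if (-not $lowPriv.ContainsKey($sid))       { continue }   # not a broad low-privileged group
        if ($rule.PropagationFlags -band $inheritOnly) { continue }   # entry does not apply to this object
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $lowPriv[$sid]
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}
```

The script reports Allow entries only and does not evaluate Deny entries or individual user accounts, so treat each row as a candidate to review rather than a confirmed finding.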

Added: Feb 10, 2026, 11:55 AM
Updated: Feb 10, 2026, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.1
exploitability: 2.9
remediation: 0.0
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.