Primary

Context

Siemens SINEC NMS and User Management Component Local Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A local privilege escalation vulnerability has been identified in Siemens SINEC NMS and the User Management Component (UMC) versions prior to 2.15.2.1. This vulnerability allows a low-privileged user to improperly modify a configuration file, potentially leading to the execution of malicious DLLs and arbitrary code with SYSTEM privileges.

Impact

Exploitation of this vulnerability could result in unauthorized modification of configuration files, allowing for the execution of malicious DLLs and arbitrary code with elevated SYSTEM privileges.

Remediation

Users of the User Management Component (UMC) should update to version 2.15.2.1 or later. For more information, visit the Siemens support page.

Added: Feb 10, 2026, 11:54 AM

Updated: Feb 10, 2026, 3:47 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

2.9

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

2.9

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SINEC NMS and User Management Component Local Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Siemens SINEC NMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating