CNNVD-202602-1639 Information

Feb 10, 2026 cve

CNNVD ID

CNNVD-202602-1639

CVE-2026-25656

CNNVD Published: 2026-02-10

Description (Chinese)

Siemens SINEC NMS和Siemens User Management Component都是德国西门子（Siemens）公司的产品。Siemens SINEC NMS是一个网络管理系统 (NMS)，该系统可用于全天候集中监控、管理和配置具有数万台设备的工业网络，包括与安全相关的领域。Siemens User Management Component是一个集中式身份管理平台。 Siemens SINEC NMS和Siemens User Management Component V2.15.2.1之前版本存在代码问题漏洞，该漏洞源于低权限用户可不当修改配置文件，可能导致加载恶意DLL并以SYSTEM权限执行任意代码。

Description (English)

Siemens SINEC NMS and Siemens User Management Company are products of Siemens, Germany. Siemens SINAC NMS is a network management system (NMS) that can be used to centrally monitor, manage and configure industrial networks with tens of thousands of equipment around the clock, including in security-related areas. Siemens User Management Component is a centralized identity management platform. Siemens SINEC NMS and Siemens User Management Company V2.15.2.1 had a code gap, which stemmed from the fact that low-licensed users could inappropriately modify the configuration file and could lead to the loading of malicious DLLs and the execution of arbitrary codes with SYSTEM privileges.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

西门子

Published

2026-02-10

Last Modified

2026-02-24

References

https://cert-portal.siemens.com/productcert/html/ssa-311973.html https://access.redhat.com/security/cve/cve-2026-25656

Patch

https://cert-portal.siemens.com/productcert/html/ssa-311973.html

Share on: