Siemens SINEC NMS Local Privilege Escalation Vulnerability (CVE-2026-25655) Patched
Siemens has released a security update for CVE-2026-25655, an uncontrolled search path element vulnerability in SINEC NMS that allows local attackers to escalate privileges to SYSTEM or LOCAL SERVICE.

Siemens has issued a security update to address CVE-2026-25655, a local privilege escalation vulnerability in its SINEC Network Management System (NMS). The flaw, reported by Michael DePlante of Trend Micro's Zero Day Initiative, allows an attacker with low-privileged code execution on the target system to escalate privileges and execute arbitrary code in the context of a target user or LOCAL SERVICE.
The vulnerability stems from an uncontrolled search path element in the product's configuration of OpenSSL. Specifically, SINEC NMS loads an OpenSSL configuration file from an unsecured location, so an attacker who can manipulate that location can have the product load a malicious configuration. This enables the attacker to execute arbitrary code with elevated privileges, potentially gaining full control over the affected system.
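A defender-side check for the condition described above, as an added example that is not code from Siemens or from the advisory: it reports non-administrative principals that can modify an OpenSSL configuration file, or create it in the nearest existing directory. The function name `Test-OpenSslConfigPath` and the path passed to it are placeholders, since the text here does not give the actual location, and a Windows host is assumed from the SYSTEM and LOCAL SERVICE contexts.

```powershell
# Added example (not Siemens code). Flags low-privileged write access on an
# OpenSSL config path. The path used at the bottom is a PLACEHOLDER.
function Test-OpenSslConfigPath {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ConfigPath)

    # WriteData | AppendData | Delete | ChangePermissions | TakeOwnership,
    # plus the raw GENERIC_WRITE and GENERIC_ALL bits that some ACEs carry.
    $writeMask = 0x500D0006
    # Well-known SIDs that are expected to hold write access.
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $path = [System.IO.Path]::GetFullPath($ConfigPath)
    while ($path) {
        if (Test-Path -LiteralPath $path) {
            $acl = Get-Acl -LiteralPath $path
            foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                # Inherit-only ACEs do not apply to this object itself.
                if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
                if ($trusted -contains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path   = $path
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
            # Stop once the nearest existing directory has been checked.
            if (Test-Path -LiteralPath $path -PathType Container) { break }
        } else {
            Write-Warning "$path does not exist; whoever can write to its nearest existing parent can create it."
        }
        $path = [System.IO.Path]::GetDirectoryName($path)
    }
}

# PLACEHOLDER path: substitute the OpenSSL config location used on the host.
Test-OpenSslConfigPath -ConfigPath 'C:\path\to\openssl.cnf' | Format-Table -AutoSize
```

Run it from an elevated session so `Get-Acl` can read every ACL on the path; any row returned is a principal outside the trusted list that could replace or plant the configuration file.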
Siemens has rated the vulnerability with a CVSS v3.1 score of 7.8 (High), indicating a significant risk. The attack vector is local, requiring the attacker to already have low-privileged access to the system. However, the impact on confidentiality, integrity, and availability is rated as high, meaning successful exploitation could lead to complete compromise of the affected device.
The vulnerability affects Siemens SINEC NMS, a network management solution used in industrial environments. Organizations running this product are urged to apply the security update provided by Siemens as soon as possible. The update is available via the Siemens ProductCERT portal at https://cert-portal.siemens.com/productcert/html/ssa-311973.html.
Siemens coordinated the disclosure with Trend Micro's ZDI, following a responsible disclosure timeline. The vulnerability was reported on September 19, 2025, and the coordinated public release occurred on February 25, 2026. No in-the-wild exploitation has been reported at this time, but given the public availability of the advisory, administrators should prioritize patching.
This vulnerability highlights the ongoing risk of local privilege escalation flaws in industrial control system (ICS) software. While such vulnerabilities require local access, they are often chained with other exploits or used by insiders to gain higher privileges. Siemens has a history of addressing such issues through its ProductCERT, and users are advised to regularly check for updates and follow security best practices for ICS environments.