Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-132 / ZDI-CAN-28108

This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

- 2025-09-19 - Vulnerability reported to vendor
- 2026-02-25 - Coordinated public release of advisory
- 2026-02-25 - Advisory Updated

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-131 / ZDI-CAN-28107

This vulnerability allows local attackers to escalate privileges on affect

Article Summaries:
- CVE ID: CVE-2026-25656
  CVSS score: 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  Affected vendors: Siemens
  Affected products: SINEC NMS
  Vulnerability details: This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to e
- CVE ID: CVE-2026-25655
  CVSS score: 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  Affected vendors: Siemens
  Affected products: SINEC NMS
  Vulnerability details: This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to e
Sources:
- http://www.zerodayinitiative.com/advisories/ZDI-26-132/
- http://www.zerodayinitiative.com/advisories/ZDI-26-131/

Latest source article published: 2026-02-25 06:00 UTC