Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability

Rocco Calvi

April 23, 2026

ZDI ID: ZDI-26-297

ZDI-CAN: ZDI-CAN-28759

CVE: CVE-2026-25654
CVSS: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Vendors: Siemens
Affected Products: SINEC NMS

Vulnerability Details

This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web service listening on TCP port 443. The issue results from improper authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to access protected resources.

Additional Details

ZDI Advisory
Siemens Security Advisory SSA-605717

Disclosure Timeline

2026-01-22 — Vulnerability reported to vendor
2026-04-23 — Coordinated public release of advisory
2026-04-23 — Advisory updated