A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
https://cert-portal.siemens.com/productcert/html/ssa-160243.html
https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf