PT-2025-20854 · Siemens · Tia Portal+4
Published
2025-05-13
·
Updated
2025-05-13
·
CVE-2025-30174
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS neo versions 4.1 through 5.0
SINEC NMS (affected versions not specified)
SINEMA Remote Connect (affected versions not specified)
Totally Integrated Automation Portal (TIA Portal) versions 17 through 20
User Management Component (UMC) versions prior to 2.15.1.1
Description:
A vulnerability has been identified in the integrated User Management Component (UMC) that could allow an unauthenticated remote attacker to cause a denial of service condition due to an out of bound read buffer overflow.
Recommendations:
For SIMATIC PCS neo versions 4.1 through 5.0, update the integrated UMC component to a version that includes the fix.
For SINEC NMS, restrict access to the integrated UMC component until a patch is available.
For SINEMA Remote Connect, avoid using the vulnerable UMC component until the issue is resolved.
For Totally Integrated Automation Portal (TIA Portal) versions 17 through 20, consider disabling the integrated UMC component as a temporary workaround.
For User Management Component (UMC) versions prior to 2.15.1.1, update to version 2.15.1.1 or later to resolve the issue.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Pcs Neo
Sinec Nms
Sinema Remote Connect
Tia Portal
User Management