PT-2025-20855 · Siemens · TIA Portal +4
Published: 2025-05-13 · Updated: 2025-05-13 · CVE-2025-30175
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS neo versions 4.1 through 5.0
SINEC NMS (affected versions not specified)
SINEMA Remote Connect (affected versions not specified)
Totally Integrated Automation Portal (TIA Portal) versions 17 through 20
User Management Component (UMC) versions prior to 2.15.1.1
Description:
A buffer overflow vulnerability has been identified in the integrated User Management Component (UMC) of the affected products. This could allow an unauthenticated remote attacker to cause a denial of service condition.
Recommendations:
For SIMATIC PCS neo versions 4.1 through 5.0, update the integrated UMC component to a version that includes the fix.
For SINEC NMS, restrict access to the integrated UMC component until a patch is available.
For SINEMA Remote Connect, avoid using the vulnerable UMC component until the issue is resolved.
For Totally Integrated Automation Portal (TIA Portal) versions 17 through 20, update the integrated UMC component to a version that includes the fix.
For User Management Component (UMC) versions prior to 2.15.1.1, update to version 2.15.1.1 or later.
Fix
Memory Corruption
Affected Products
SIMATIC PCS neo
SINEC NMS
SINEMA Remote Connect
TIA Portal
User Management