PT-2025-20856 · Siemens · Tia Portal+4

Published: 2025-05-13 · Updated: 2025-05-13 · CVE-2025-30176

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS neo versions 4.1 through 5.0
SINEC NMS (affected versions not specified)
SINEMA Remote Connect (affected versions not specified)
Totally Integrated Automation Portal (TIA Portal) versions 17 through 20
User Management Component (UMC) versions prior to 2.15.1.1

Description: A vulnerability has been identified in the integrated User Management Component (UMC) that could allow an unauthenticated remote attacker to cause a denial-of-service condition due to an out-of-bounds read buffer overflow.

Recommendations:
For SIMATIC PCS neo versions 4.1 through 5.0, update the integrated UMC component to a version that includes the fix.
For SINEC NMS, restrict access to the integrated UMC component until a patch is available.
For SINEMA Remote Connect, consider disabling the integrated UMC component as a temporary workaround.
For Totally Integrated Automation Portal (TIA Portal) versions 17 through 20, update the User Management Component (UMC) to version 2.15.1.1 or later.
For User Management Component (UMC) versions prior to 2.15.1.1, update to version 2.15.1.1 or later.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2025-06608
CVE-2025-30176

Affected Products

Simatic Pcs Neo
Sinec Nms
Sinema Remote Connect
Tia Portal
User Management