Siemens Products Out-of-Bounds Read Buffer Overflow Vulnerability in User Management Component Allowing Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in several Siemens products, including SIMATIC PCS neo, SINEC NMS versions prior to 4.0, SINEMA Remote Connect, and various versions of the Totally Integrated Automation Portal (TIA Portal). The issue arises from an out-of-bounds read buffer overflow in the integrated User Management Component (UMC), which could enable an unauthenticated remote attacker to cause a denial-of-service condition.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing affected systems to become unresponsive or unavailable.
Remediation
Users of SINEC NMS should update to version 4.0 or later. For those using SINEMA Remote Connect or TIA Portal, UMC should be updated to version 2.15.1.1 or a later compatible version. In non-networked deployments, TCP ports 4002 and 4004 should be blocked on machines with UMC installed. If no RT server machines are used, port 4004 can be blocked completely.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.