Primary

Context

Siemens Products User Management Component Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the integrated User Management Component (UMC) of several Siemens products, including SIMATIC PCS neo, SINEC NMS versions prior to 4.0, SINEMA Remote Connect, and various versions of the Totally Integrated Automation Portal (TIA Portal). The vulnerability arises from an out-of-bounds read buffer overflow, which could allow an unauthenticated remote attacker to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users can update to version 2.15.1.1 or later. For SINEC NMS, update to version 4.0 or later. In non-networked scenarios, block TCP ports 4002 and 4004 on machines with UMC installed. If no RT server machines are used, port 4004 can be blocked completely.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens Products User Management Component Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating