Primary

Context

Siemens SIMATIC PCS neo and User Management Component Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

Vulnerability

A out-of-bounds read vulnerability has been identified in Siemens SIMATIC PCS neo versions 4.1 and 5.0, as well as in the User Management Component (UMC) versions prior to 2.15.1.3. This vulnerability resides in the integrated UMC component and could enable an unauthenticated remote attacker to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users are advised to update to User Management Component (UMC) version 2.15.1.3 or later. For SIMATIC PCS neo, follow the specific update recommendations available on the Siemens support portal. In non-networked deployments, block TCP ports 4002 and 4004 on machines with UMC installed, except for 'RT Server' type UMC machines, where port 4004 can be blocked universally without affecting functionality.

Added: Sep 9, 2025, 9:25 AM

Updated: Sep 9, 2025, 5:05 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SIMATIC PCS neo and User Management Component Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating