Primary

Context

Siemens SIMATIC PCS neo and User Management Component Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

A out-of-bounds read vulnerability has been identified in Siemens SIMATIC PCS neo versions 4.1 and 5.0, as well as in the User Management Component (UMC) versions prior to 2.15.1.3. This vulnerability allows an unauthenticated remote attacker to cause a denial-of-service condition by exploiting the integrated UMC component.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users are advised to update the User Management Component (UMC) to version 2.15.1.3 or later. For SIMATIC PCS neo, specific update instructions can be found on the Siemens support portal. In non-networked deployments, block TCP ports 4002 and 4004 on machines with UMC installed. If not using the 'RT Server' type of UMC machine, port 4004 can be blocked everywhere without impacting other UMC machine types.

Added: Sep 9, 2025, 9:25 AM

Updated: Sep 9, 2025, 5:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SIMATIC PCS neo and User Management Component Out-of-Bounds Read Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating