SSA-614723

Siemens Security Advisory by Siemens ProductCERT

SSA-614723: Denial of Service Vulnerabilities in User Management Component (UMC)

Publication Date:	2025-05-13
Last Update:	2025-07-08
Current Version:	V1.1
CVSS v3.1 Base Score:	7.5
CVSS v4.0 Base Score:	8.7

SUMMARY

Siemens User Management Component (UMC) is affected by three vulnerabilities which could allow an unauthenticated remote attacker to cause a denial of service condition.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC PCS neo	Show more details See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V4.1 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V5.0 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINEC NMS All versions < V4.0 affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update to V4.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109989514/ See further recommendations from section Workarounds and Mitigations
SINEMA Remote Connect All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal)	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V17 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V18 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V19 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V20 All versions affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations
User Management Component (UMC) All versions < V2.15.1.1 affected by all CVEs CVE-2025-30174 CVE-2025-30175 CVE-2025-30176	Update to V2.15.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109987708/ See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

CVE-2025-30174, CVE-2025-30175, CVE-2025-30176: In non-networked scenarios/deployments block TCP ports 4002 and 4004 on machines with UMC installed. In addition if no RT server machines are used, port 4004 can be blocked completely

Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC PCS neo is a distributed control system (DCS).

SINEC NMS is a new generation of the Network Management System (NMS) for the Digital Enterprise. This system can be used to centrally monitor, manage, and configure networks.

SINEMA Remote Connect is a management platform for remote networks that enables the simple management of tunnel connections (VPN) between headquarters, service technicians, and installed machines or plants. It provides both the Remote Connect Server, which is the server application, and the Remote Connect Client, which is an OpenVPN client for optimal connection to SINEMA Remote Connect Server.

Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to the complete range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation.

User Management Component (UMC) enables for plant-wide central maintenance of users with optional integration with Microsoft Active Directories.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-30174

Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	8.7
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-125: Out-of-bounds Read

Vulnerability CVE-2025-30175

Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	8.7
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-787: Out-of-bounds Write

Vulnerability CVE-2025-30176

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	8.7
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-125: Out-of-bounds Read

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

Tenable for coordinated disclosure

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-05-13):	Publication Date
V1.1 (2025-07-08):	Added fix for SINEC NMS V4.0

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.