CVE-2025-30174

HIGH

SIMATIC PCS neo V4.1, V5.0 - Out-of-Bounds Read (Denial of Service)

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out-of-bounds read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Scores

CVSS v3 7.5
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (7)
siemens/sinec_nms < 4.0
siemens/sinema_remote_connect
siemens/totally_integrated_automation_portal 17
siemens/totally_integrated_automation_portal 18
siemens/totally_integrated_automation_portal 19
siemens/totally_integrated_automation_portal 20
siemens/user_management_component < 2.15.1.1
Published May 13, 2025
Tracked Since Feb 18, 2026