Full Report
Siemens User Management Component (UMC) is affected by three vulnerabilities which could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Denial of Service in Siemens User Management Component (UMC)
## CVE Details
- **CVE ID:**
  - CVE-2025-30174
  - CVE-2025-30175
  - CVE-2025-30176
- **CVSS Score:**
  - CVSS v3.1: 7.5 (High)
  - CVSS v4.0: 8.7 (High)
- **CWE:**
  - CWE-125: Out-of-bounds Read (CVE-2025-30174, CVE-2025-30176)
  - CWE-787: Out-of-bounds Write (CVE-2025-30175)
## Affected Systems
- **Products:**
  - SIMATIC PCS neo (V4.1, V5.0)
  - SINEC NMS
  - SINEMA Remote Connect
  - TIA Portal (V17, V18)
- **Versions:**
  - SINEC NMS: All versions < V4.0
  - TIA Portal/SINEMA Remote Connect: Versions using UMC < V2.15.1.1
  - SIMATIC PCS neo: All versions of V4.1 and V5.0
- **Configurations:** Systems utilizing the integrated User Management Component (UMC) for identity and access management.
## Vulnerability Description
The integrated Siemens User Management Component (UMC) is affected by three memory safety vulnerabilities (two out-of-bounds reads and one out-of-bounds write). An unauthenticated remote attacker can exploit these flaws by sending specially crafted packets to the UMC service. Successful exploitation triggers a buffer overflow or invalid memory access, resulting in a crash and a subsequent Denial of Service (DoS) condition for the authentication services of the affected product.
## Exploitation
- **Status:** Not exploited (No known reports of exploitation in the wild at time of advisory).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Total loss of service for the UMC component)
## Remediation
### Patches
- **SINEC NMS:** Update to V4.0 or later.
- **TIA Portal (V17/V18):** Update UMC to V2.15.1.1 or later compatible version.
- **SINEMA Remote Connect:** Update UMC to V2.15.1.1 or later compatible version.
### Workarounds
- **SIMATIC PCS neo (V4.1/V5.0):** No fix planned. Siemens recommends following general security recommendations and applying defense-in-depth measures.
- **General Mitigation:** Restrict access to the UMC service ports to trusted IP addresses and internal networks only.
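
The affected-version and remediation lists above can be applied to an asset inventory with a short triage script. This is an added example, not Siemens tooling. The inventory tuple layout, the status labels and the sample rows are assumptions made for illustration; only the version thresholds come from the advisory text. Versions are compared numerically because a plain string comparison would rank 2.9 above 2.15.

```python
import re

# Thresholds copied from the advisory text above.
UMC_FIXED = (2, 15, 1, 1)   # UMC V2.15.1.1 (TIA Portal, SINEMA Remote Connect)
SINEC_NMS_FIXED = (4, 0)    # SINEC NMS V4.0

def parse_version(text):
    """'V2.15.1.1' or '3.0 SP1' -> tuple of ints (suffixes after the digits are ignored)."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text or "")
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_older(version, fixed):
    """Numeric compare with zero padding, so 2.9 < 2.15 and 4 == 4.0."""
    width = max(len(version), len(fixed))
    return version + (0,) * (width - len(version)) < fixed + (0,) * (width - len(fixed))

def triage(product, product_version=None, umc_version=None):
    """Return (status, action) for one inventory row (labels are illustrative)."""
    name = product.strip().lower()
    if name == "simatic pcs neo":
        if product_version is None:
            return ("unknown", "determine installed product version")
        major_minor = (parse_version(product_version) + (0, 0))[:2]
        if major_minor in ((4, 1), (5, 0)):
            return ("affected-no-fix", "restrict UMC service ports to trusted networks")
        return ("not-listed", "check SSA-614723")
    if name == "sinec nms":
        if product_version is None:
            return ("unknown", "determine installed product version")
        if is_older(parse_version(product_version), SINEC_NMS_FIXED):
            return ("affected", "update to V4.0 or later")
        return ("fixed", "none")
    if name in ("tia portal", "sinema remote connect"):
        if umc_version is None:
            return ("unknown", "determine installed UMC version")
        if is_older(parse_version(umc_version), UMC_FIXED):
            return ("affected", "update UMC to V2.15.1.1 or later")
        return ("fixed", "none")
    return ("not-listed", "check SSA-614723")

if __name__ == "__main__":
    # Constructed sample inventory, not real asset data.
    inventory = [("TIA Portal", "V18", "V2.9.0.0"), ("SINEC NMS", "V3.0 SP1", None),
                 ("SIMATIC PCS neo", "V5.0", None), ("SINEMA Remote Connect", None, "V2.15.1.1")]
    for row in inventory:
        print(row[0], triage(*row))
```
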
## Detection
- **Indicators of Compromise:** Unexpected crashing of UMC-related processes or services; logs indicating memory access violations or service restarts following network traffic from unknown sources.
- **Detection Methods and Tools:** Monitor network traffic for anomalous requests targeting UMC ports; utilize Siemens ProductCERT tools and advisories to verify component versions.
## References
- **Vendor Advisory:** SSA-614723
- **Siemens ProductCERT:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-614723.html
- **Update Link:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109987708/
- **Update Link:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109989514/