CVE-2025-30174

Summary

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC PCS neo V4.10 < *affected
SiemensSIMATIC PCS neo V5.00 < *affected
SiemensSINEC NMS0 < V4.0affected
SiemensSINEMA Remote Connect0 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V170 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V180 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V190 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V200 < *affected
SiemensUser Management Component (UMC)0 < V2.15.1.1affected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References