CVE-2025-30174 Siemens CVE debrief

Who should care

Siemens customers and operators of SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect, TIA Portal V17/V18/V19/V20, and any environment using the affected UMC component. OT/ICS administrators, plant engineers, and defenders responsible for network exposure and patch management should prioritize it.

Technical summary

The advisory describes an out-of-bound read buffer overflow vulnerability in the integrated UMC component. The attack requires no authentication and can be carried out remotely over the network, with the stated impact being denial of service rather than confidentiality or integrity compromise.

Defensive priority

High. The issue is network-exploitable, unauthenticated, and can disrupt availability across multiple Siemens industrial products. Prioritize remediation where vendor fixes exist, and apply the documented mitigations immediately for products with no fix planned.

Recommended defensive actions

• Inventory affected Siemens products and confirm whether the integrated UMC component is present in your deployment.
• Apply vendor updates where available: UMC V2.15.1.1 or later for UMC-dependent products, and SINEC NMS V4.0 or later where applicable.
• For SIMATIC PCS neo V4.1 and V5.0, follow the vendor mitigation and block TCP ports 4002 and 4004 on machines with UMC installed; if no RT server machines are used, block port 4004 completely.
• Review exposure of the affected services and restrict network access to the smallest necessary set of hosts and segments.
• Track the Siemens and CISA advisories for product-specific remediation updates and revision history.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-135-09 and Siemens advisory SSA-614723 listed in the supplied source corpus. The source data shows publication on 2025-05-13 and a later revision on 2025-10-14 that added 'no fix planned' for SIMATIC PCS neo V5.0. The corpus also indicates the issue is not in CISA KEV as provided.

Official resources