PatchSiren cyber security CVE debrief
CVE-2025-30175 Siemens CVE debrief
CVE-2025-30175 is an out-of-bounds write buffer overflow in Siemens’ integrated User Management Component (UMC). According to the public advisory, an unauthenticated remote attacker could use the flaw to cause a denial-of-service condition in affected products. The issue was publicly disclosed on 2025-05-13 and later updated on 2025-10-14 to reflect additional remediation status.
- Vendor
- Siemens
- Product
- SIMATIC PCS neo V4.1
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2025-10-14
- Advisory published
- 2025-05-13
- Advisory updated
- 2025-10-14
Who should care
Siemens OT/ICS operators, plant administrators, and security teams responsible for SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect, TIA Portal, or other deployments that include the Siemens UMC component.
Technical summary
The source advisory describes a buffer overflow caused by an out-of-bounds write in the integrated UMC component. The CVSS vector provided is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a network-reachable issue with no privileges or user interaction required and an availability impact only. The advisory links the flaw to multiple Siemens products, including SIMATIC PCS neo V4.1/V5.0, SINEC NMS, SINEMA Remote Connect, and TIA Portal V17-V20.
Defensive priority
High. The vulnerability is remotely reachable, requires no authentication, and can disrupt availability. Prioritize patching where fixes exist and apply compensating controls immediately for unpatched deployments.
Recommended defensive actions
- Apply Siemens updates where available: UMC to V2.15.1.1 or later for affected products, and SINEC NMS to V4.0 or later as directed by Siemens.
- Treat SIMATIC PCS neo V4.1 and V5.0 as higher operational-risk cases because the advisory states no fix is currently planned; use compensating controls and operational safeguards.
- In non-networked deployments, block TCP ports 4002 and 4004 on machines with UMC installed; if no RT server machines are used, block port 4004 completely.
- Limit exposure of affected systems to trusted networks only and follow Siemens/CISA industrial control system defense-in-depth guidance.
- Validate availability and recovery procedures, including service restart and backup/restore readiness, to reduce operational impact if disruption occurs.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-135-09 (Siemens User Management Component (UMC)) and the Siemens advisory references included in the source corpus. The source description explicitly states that affected products contain an out-of-bounds write buffer overflow vulnerability in the integrated UMC component and that an unauthenticated remote attacker could cause a denial-of-service condition. The supplied remediation data lists vendor fixes for UMC, SINEC NMS, and other affected products, plus a mitigation to block TCP ports 4002 and 4004 in certain deployments. The supplied revision history shows an update on 2025-10-14 adding a no-fix-planned note for PCS neo V5.
Official resources
-
CVE-2025-30175 CVE record
CVE.org
-
CVE-2025-30175 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA ICS Advisory ICSA-25-135-09 on 2025-05-13; the source advisory was revised on 2025-10-14 to add a no-fix-planned note for SIMATIC PCS neo V5.