PatchSiren cyber security CVE debrief
CVE-2025-30176 Siemens CVE debrief
CVE-2025-30176 is a Siemens-advised unauthenticated remote denial-of-service issue in the integrated User Management Component (UMC) used across multiple industrial products. Because the attack is network reachable and requires no authentication, affected operators should treat it as a high-priority availability risk.
- Vendor
- Siemens
- Product
- SIMATIC PCS neo V4.1
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2025-10-14
- Advisory published
- 2025-05-13
- Advisory updated
- 2025-10-14
Who should care
Siemens OT/ICS operators and admins using SIMATIC PCS neo V4.1/V5.0, SINEC NMS, SINEMA Remote Connect, TIA Portal V17/V18/V19/V20, or standalone UMC deployments. Teams responsible for exposed UMC services or segmentation on industrial networks should prioritize this advisory.
Technical summary
The advisory describes an out-of-bounds read / buffer overflow condition in the integrated UMC component. Siemens and CISA classify the issue as remotely exploitable over the network with no privileges or user interaction required (CVSS 3.1: 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The stated impact is denial of service. Remediation varies by product: some products have UMC or product updates available, while SIMATIC PCS neo V4.1 and V5.0 are listed as having no fix planned in the advisory revision history.
Defensive priority
High — unauthenticated network DoS in ICS software can affect availability quickly, so apply vendor fixes and mitigations promptly.
Recommended defensive actions
- Update UMC to V2.15.1.1 or later where Siemens lists that compatible fix.
- Update SINEC NMS to V4.0 or later, per the advisory.
- For SINEMA Remote Connect and TIA Portal V17/V18/V19/V20, update UMC to V2.15.1.1 or later compatible versions.
- For SIMATIC PCS neo V4.1 and V5.0, follow the advisory mitigations because the revision history states no fix is currently planned.
- In non-networked deployments, block TCP ports 4002 and 4004 on machines with UMC installed; if no RT server machines are used, port 4004 can be blocked completely.
- Apply ICS segmentation and least-exposure practices consistent with CISA recommended practices for industrial control systems.
Evidence notes
CVE-2025-30176 was published on 2025-05-13 and last modified on 2025-10-14. The source advisory is CISA ICSA-25-135-09 / Siemens SSA-614723. The revision history notes a 2025-07-08 update adding a fix for SINEC NMS V4.0 and a 2025-10-14 update adding 'no fix planned' for PCS neo V5.0. The advisory lists nine affected Siemens products and describes the issue as an unauthenticated remote denial-of-service condition. No KEV listing was provided in the source corpus.
Official resources
-
CVE-2025-30176 CVE record
CVE.org
-
CVE-2025-30176 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-05-13 via Siemens/CISA advisory ICSA-25-135-09 (SSA-614723). The advisory was revised on 2025-07-08 and 2025-10-14. No Known Exploited Vulnerabilities listing was provided in the source corpus.