216.73.217.47

CVE-2025-30174

· Published 13/05/2025 10:15 · Modified 13/05/2025 10:15

Labels: CVE-2025-30174 2025-05-13CVE-2025-30174CWE-125[email protected]

Essential information

Published
13/05/2025 10:15
Modified
13/05/2025 10:15
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / simatic pcs neo cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*
siemens / sinec nms cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
siemens / sinema remote connect cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*
siemens / tia portal cpe:2.3:a:siemens:tia_portal:17:*:*:*:*:*:*:*
siemens / tia portal cpe:2.3:a:siemens:tia_portal:18:*:*:*:*:*:*:*
siemens / tia portal cpe:2.3:a:siemens:tia_portal:19:*:*:*:*:*:*:*
siemens / tia portal cpe:2.3:a:siemens:tia_portal:20:*:*:*:*:*:*:*
siemens / user management component cpe:2.3:a:siemens:user_management_component:<2.15.1.1:*:*:*:*:*:*:*

References