CVE-2025-30176

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30176
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-614723.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:simatic_pcs_neo:4.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:20:*:*:*:*:*:*:*
cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*
History

03 Oct 2025, 19:52

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-614723.html - () https://cert-portal.siemens.com/productcert/html/ssa-614723.html - Vendor Advisory
First Time Siemens user Management Component
Siemens sinec Nms
Siemens
Siemens totally Integrated Automation Portal
Siemens sinema Remote Connect
Siemens simatic Pcs Neo
CPE cpe:2.3:a:siemens:totally_integrated_automation_portal:20:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_neo:4.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*

08 Jul 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 10:15

Updated : 2025-10-03 19:52

NVD link : CVE-2025-30176

Mitre link : CVE-2025-30176

CVE.ORG link : CVE-2025-30176

JSON object : View

Products Affected

siemens

  • sinec_nms
  • totally_integrated_automation_portal
  • simatic_pcs_neo
  • sinema_remote_connect
  • user_management_component
CWE
CWE-125

Out-of-bounds Read