Multiple Vulnerabilities in User Management Component (UMC)

Act Now9.8SSA-722410Sep 9, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens' User Management Component (UMC) contains multiple vulnerabilities (CWE-121: stack-based buffer overflow; CWE-125: out-of-bounds read) that allow an unauthenticated remote attacker to execute arbitrary code or cause denial of service. The vulnerabilities affect UMC versions below 2.15.1.3 and are present in all versions of SIMATIC PCS neo V4.1, V5.0, and V6.0. An attacker with network access can send a specially crafted request to trigger code execution without needing valid credentials.

What this means

What could happen

An unauthenticated attacker could execute arbitrary code on the User Management Component or crash it, potentially disrupting authentication and authorization services for all connected SIMATIC PCS neo systems across your facility.

Who's at risk

This affects any organization using Siemens SIMATIC PCS neo (versions 4.1, 5.0, and 6.0) for process automation and control, particularly water authorities and power utilities that rely on PCS neo for supervisory control and data acquisition. The User Management Component is critical because it controls who can authenticate and make changes to control system configurations and setpoints.

How it could be exploited

An attacker with network access to the User Management Component could send a specially crafted request that exploits a buffer overflow or out-of-bounds read vulnerability (CWE-121, CWE-125) to execute arbitrary code without providing credentials. This could allow them to compromise the authentication system that protects all engineering and operator access across your SIMATIC PCS neo deployment.

Prerequisites

Network access to User Management Component (port and protocol not specified in advisory)
No credentials or authentication required

remotely exploitableno authentication requiredlow complexitycritical severity (CVSS 9.8)affects authentication/authorization systemsno fix available for SIMATIC PCS neo V4.1, V5.0, V6.0

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

1 with fix3 EOL

ProductAffected VersionsFix Status

User Management Component (UMC)< 2.15.1.32.15.1.3

SIMATIC PCS neo V4.1All versionsNo fix (EOL)

SIMATIC PCS neo V5.0All versionsNo fix (EOL)

SIMATIC PCS neo V6.0All versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGIsolate User Management Component behind a firewall or network segmentation boundary to restrict access to only authorized engineering workstations and SIMATIC PCS neo systems that require it

WORKAROUNDMonitor network traffic to the User Management Component for unusual connection patterns or requests until patching is complete

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

User Management Component (UMC)

HOTFIXUpdate User Management Component (UMC) to version 2.15.1.3 or later

CVEs (4)

CVE-2025-40795 CVE-2025-40796 CVE-2025-40797 CVE-2025-40798

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/91fc5675-3324-4e25-a708-57385bf0e35a