VDB
ICSA-25-254-07
ICSA-25-254-07
PUBLISHED
CVSS 7.5 HIGH
Siemens' User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC PCS neo V5.0 | ||
| SIMATIC PCS neo V4.1 | ||
| User Management Component (UMC) | ||
| SIMATIC PCS neo V6.0 |
Timeline
- Sep 9, 2025 CVE Published
- Oct 14, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-722410.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-722410.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-254-07.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-07 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.industry.siemens.com/cs/ww/en/view/109991261/ fix