SSA-722410 — Vulnetix

SSA-722410 PUBLISHED CVSS 9.800000190734863 CRITICAL

Siemens' User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	SIMATIC PCS neo V4.1
	SIMATIC PCS neo V6.0
	SIMATIC PCS neo V5.0
	User Management Component (UMC)

Timeline

Sep 9, 2025 CVE Published
Oct 14, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/html/ssa-722410.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-722410.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109991261/ fix

Open in Interactive Console →