CVE-2025-30175

EPSS 0.09%
Veröffentlicht 13.05.2025 09:38:38
Zuletzt bearbeitet 03.10.2025 19:52:42
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs Neo Version4.1

Siemens ≫ Simatic Pcs Neo Version5.0

Siemens ≫ Sinec Nms Version < 4.0

Siemens ≫ Sinema Remote Connect Version-

Siemens ≫ Totally Integrated Automation Portal Version17

Siemens ≫ Totally Integrated Automation Portal Version18

Siemens ≫ Totally Integrated Automation Portal Version19

Siemens ≫ Totally Integrated Automation Portal Version20

Siemens ≫ User Management Component Version < 2.15.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.266

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/html/ssa-614723.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30175

EUVD