ID
VAR-202505-1605
CVE
CVE-2025-30175
TITLE
Out-of-bounds write vulnerabilities in multiple Siemens products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SIMATIC PCS neo , SINEC NMS , SINEMA Remote Connect Client Several Siemens products contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | sinec nms | scope: | lt | version: | 4.0 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 20 | Trust: 1.0 |
| vendor: | siemens | model: | user management component | scope: | lt | version: | 2.15.1.1 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 17 | Trust: 1.0 |
| vendor: | siemens | model: | simatic pcs neo | scope: | eq | version: | 4.1 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 19 | Trust: 1.0 |
| vendor: | siemens | model: | simatic pcs neo | scope: | eq | version: | 5.0 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 18 | Trust: 1.0 |
| vendor: | シーメンス | model: | user management component | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | totally integrated automation portal | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinec nms | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | simatic pcs neo | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect client | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-30175 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-614723 | Trust: 1.8 |
| db: | ICS CERT | id: | ICSA-25-135-09 | Trust: 0.8 |
| db: | JVN | id: | JVNVU92528757 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2025-015338 | Trust: 0.8 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-614723.html | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu92528757/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-30175 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-09 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2025-015338 |
| db: | NVD | id: | CVE-2025-30175 |
LAST UPDATE DATE
2025-10-10T21:55:26.672000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-015338 | date: | 2025-10-07T09:29:00 |
| db: | NVD | id: | CVE-2025-30175 | date: | 2025-10-03T19:52:42.610 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-015338 | date: | 2025-10-07T00:00:00 |
| db: | NVD | id: | CVE-2025-30175 | date: | 2025-05-13T10:15:24.103 |