ID
VAR-202505-1606
CVE
CVE-2025-30174
TITLE
Out-of-bounds read vulnerabilities in multiple Siemens products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SINEC NMS , SINEMA Remote Connect Client , totally integrated automation portal Several Siemens products, including the above, contain vulnerabilities related to out-of-bounds reading.Service operation interruption (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | user management component | scope: | lt | version: | 2.15.1.1 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 17 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 19 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 20 | Trust: 1.0 |
| vendor: | siemens | model: | sinec nms | scope: | lt | version: | 4.0 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 18 | Trust: 1.0 |
| vendor: | シーメンス | model: | totally integrated automation portal | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect client | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinec nms | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | user management component | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.0 |
| problemtype: | Out-of-bounds read (CWE-125) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-30174 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-614723 | Trust: 1.8 |
| db: | JVN | id: | JVNVU92528757 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-25-135-09 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2025-015584 | Trust: 0.8 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-614723.html | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu92528757/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-30174 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-09 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2025-015584 |
| db: | NVD | id: | CVE-2025-30174 |
LAST UPDATE DATE
2025-10-12T19:54:50.502000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-015584 | date: | 2025-10-09T08:39:00 |
| db: | NVD | id: | CVE-2025-30174 | date: | 2025-10-03T19:52:23.103 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-015584 | date: | 2025-10-09T00:00:00 |
| db: | NVD | id: | CVE-2025-30174 | date: | 2025-05-13T10:15:23.893 |