ID
VAR-202505-1607
CVE
CVE-2025-30176
TITLE
Out-of-bounds read vulnerabilities in multiple Siemens products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. SIMATIC PCS neo , SINEC NMS , SINEMA Remote Connect Client Several Siemens products, including the above, contain vulnerabilities related to out-of-bounds reading.Service operation interruption (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | sinec nms | scope: | lt | version: | 4.0 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 20 | Trust: 1.0 |
| vendor: | siemens | model: | user management component | scope: | lt | version: | 2.15.1.1 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 17 | Trust: 1.0 |
| vendor: | siemens | model: | simatic pcs neo | scope: | eq | version: | 4.1 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 19 | Trust: 1.0 |
| vendor: | siemens | model: | simatic pcs neo | scope: | eq | version: | 5.0 | Trust: 1.0 |
| vendor: | siemens | model: | totally integrated automation portal | scope: | eq | version: | 18 | Trust: 1.0 |
| vendor: | シーメンス | model: | totally integrated automation portal | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | simatic pcs neo | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinec nms | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect client | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | user management component | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.0 |
| problemtype: | Out-of-bounds read (CWE-125) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-30176 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-614723 | Trust: 1.8 |
| db: | JVN | id: | JVNVU92528757 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-25-135-09 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2025-015795 | Trust: 0.8 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-614723.html | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu92528757/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-30176 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-09 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2025-015795 |
| db: | NVD | id: | CVE-2025-30176 |
LAST UPDATE DATE
2025-10-12T20:49:04.141000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-015795 | date: | 2025-10-10T08:41:00 |
| db: | NVD | id: | CVE-2025-30176 | date: | 2025-10-03T19:52:59.380 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-015795 | date: | 2025-10-10T00:00:00 |
| db: | NVD | id: | CVE-2025-30176 | date: | 2025-05-13T10:15:24.293 |