CVE-2024-49775 (CVSS 9.8): Critical Vulnerability in Siemens UMC Exposes Systems to Remote Exploitation
Siemens has disclosed a critical heap-based buffer overflow vulnerability (CVE-2024-49775) in its User Management Component (UMC), a core element integrated into several of its products. If exploited, this flaw could allow unauthenticated remote attackers to execute arbitrary code, posing a severe risk to industrial and enterprise environments.
Siemens detailed the issue in a security advisory, stating that “affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.” The vulnerability is rated as critical, with a CVSS v3.1 base score of 9.8 and a slightly reduced CVSS v4.0 score of 9.3, reflecting its potential for widespread exploitation and severe impact.
The advisory identifies a range of affected Siemens products, including:
- Opcenter Execution Foundation
- Opcenter Intelligence
- Opcenter Quality
- Opcenter RDL
- SIMATIC PCS neo (various versions)
- Totally Integrated Automation Portal (TIA Portal) (versions 16 through 19)
For most of these products, fixes are not yet available, and Siemens has urged administrators to apply recommended mitigations.
Siemens has provided specific workarounds to mitigate the risk associated with CVE-2024-49775. Key measures include:
- Filtering ports 4002 and 4004 to allow connections only from machines within the UMC network.
- Blocking port 4004 entirely if no RT server machines are in use.
Administrators are advised to implement these recommendations promptly while awaiting permanent fixes for their environments. Siemens has also indicated that products like TIA Portal V20 incorporate a fixed version of UMC and are not vulnerable.
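To confirm the port filtering described above is actually in effect, the following added example (not from Siemens or the advisory) audits firewall flow records for accepted connections to ports 4002 and 4004 that the workaround should have blocked. The log format, the sample lines, the `10.20.0.0/24` UMC network range and the function name `audit` are all constructed assumptions for illustration.

```python
import ipaddress
import re

UMC_PORTS = {4002, 4004}   # ports named in the workaround
RT_SERVER_PORT = 4004      # blocked entirely when no RT server machines are in use

# Assumed log format (constructed): "<time> <ALLOW|DENY> <src> -> <dst>:<port>"
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) -> (\S+):(\d+)$")

# Constructed sample records; the addresses are documentation/private ranges.
SAMPLE_LOG = """\
2024-12-17T08:00:01Z ALLOW 10.20.0.15 -> 10.20.0.5:4002
2024-12-17T08:00:07Z ALLOW 192.0.2.44 -> 10.20.0.5:4002
2024-12-17T08:01:30Z DENY 198.51.100.9 -> 10.20.0.5:4004
2024-12-17T08:02:12Z ALLOW 10.20.0.16 -> 10.20.0.5:4004
2024-12-17T08:03:00Z ALLOW 192.0.2.44 -> 10.20.0.5:443
not a flow record
"""

def audit(log_text, umc_networks, rt_servers_in_use):
    """Return (time, source, port, reason) for each accepted flow that
    the workaround should have filtered."""
    nets = [ipaddress.ip_network(n) for n in umc_networks]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not flow records
        ts, action, src, _dst, port = m.groups()
        port = int(port)
        if action != "ALLOW" or port not in UMC_PORTS:
            continue  # denied flows and unrelated ports are not findings
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # malformed source address
        if port == RT_SERVER_PORT and not rt_servers_in_use:
            findings.append((ts, src, port, "port 4004 should be blocked entirely"))
        elif not any(addr in n for n in nets):
            findings.append((ts, src, port, "source outside UMC network"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ["10.20.0.0/24"], rt_servers_in_use=False):
        print(finding)
```

Set `rt_servers_in_use=True` for sites that run RT server machines, in which case port 4004 traffic from inside the UMC network is treated as expected.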