Siemens has disclosed multiple vulnerabilities in its User Management Component (UMC), which is used in products like SIMATIC PCS neo. The flaws, tracked under CVE-2025-40795 through CVE-2025-40798, include a critical stack-based buffer overflow that could allow unauthenticated remote attackers to execute arbitrary code.
According to Siemens, “User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.”
The most severe of these, the stack-based buffer overflow, carries a CVSS v3.1 base score of 9.8, placing it in the critical range.
- CVE-2025-40795 – Stack-Based Buffer Overflow
Siemens explains: “Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.”
- CVE-2025-40796, CVE-2025-40797, CVE-2025-40798 – Out-of-Bounds Reads
Each of these vulnerabilities could let an unauthenticated remote attacker crash the affected system. Siemens warns: “Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.”
The vulnerabilities affect all versions of UMC prior to V2.15.1.3 as used in SIMATIC PCS neo. Siemens urges customers to update immediately to V2.15.1.3 or later.
When a system cannot be patched right away, Siemens offers interim mitigations. On machines with UMC installed, restrict TCP ports 4002 and 4004 (for example with a firewall) so that they accept connections only from the other machines that run UMC and are part of the same UMC deployment. If no RT Server is used in the UMC deployment, port 4004 can be blocked entirely without affecting other functions.
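The port restriction described above, implemented on a Windows host running UMC with the built-in Windows Defender Firewall, as an added example. This is not Siemens' code or part of the advisory; the peer addresses in $UmcPeers, the $NoRtServer switch and the host name in the final check are assumptions a deployment would replace with its own values.

```powershell
# Added example, not from the Siemens advisory. Restricts inbound TCP 4002/4004
# on a Windows host running UMC to the peers of the UMC deployment and, when the
# deployment has no RT Server, blocks 4004 entirely. Run in an elevated session.

# ASSUMED: addresses of the other machines that run UMC and belong to this deployment.
$UmcPeers = @('10.10.1.20', '10.10.1.21')

# ASSUMED: set to $true only if no RT Server is used anywhere in this UMC deployment.
$NoRtServer = $false

$UmcPorts = if ($NoRtServer) { @('4002') } else { @('4002', '4004') }

# 1. Inbound traffic must be denied unless a rule allows it; otherwise a scoped
#    allow rule narrows nothing. Block is the Windows default, this makes it explicit.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable any enabled inbound allow rule that already opens 4002 or 4004 to
#    every remote address (e.g. one created by an installer); such a rule would
#    keep admitting all hosts regardless of the scoped rule added in step 3.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and
                   (@($_.LocalPort) -contains '4002' -or @($_.LocalPort) -contains '4004') } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if (@($remote) -contains 'Any') {
            Write-Host "Disabling broad rule: $($_.DisplayName)"
            $_ | Disable-NetFirewallRule
        }
    }

# 3. Allow 4002 (and 4004 when an RT Server exists) only from the UMC peers.
New-NetFirewallRule -DisplayName 'UMC: 4002/4004 from UMC peers only' `
    -Direction Inbound -Protocol TCP -LocalPort $UmcPorts `
    -RemoteAddress $UmcPeers -Action Allow -Profile Any | Out-Null

# 4. With no RT Server, block 4004 outright. An explicit Block rule takes
#    precedence over any Allow rule in Windows Defender Firewall.
if ($NoRtServer) {
    New-NetFirewallRule -DisplayName 'UMC: block 4004 (no RT Server)' `
        -Direction Inbound -Protocol TCP -LocalPort 4004 `
        -Action Block -Profile Any | Out-Null
}

# 5. Verify: list the rules just created. Then, from a host that is NOT a UMC
#    peer, confirm the ports are unreachable (TcpTestSucceeded should be False):
#    Test-NetConnection -ComputerName umc-host.example -Port 4004   # ASSUMED host name
Get-NetFirewallRule -DisplayName 'UMC:*' |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize
```

Before relying on this, confirm from one of the listed peers that UMC still synchronises over 4002 (and 4004 where an RT Server is used); a wrong peer list fails closed and breaks the deployment rather than leaving it exposed. The same filtering can be applied on an external firewall in front of the UMC machines instead of, or in addition to, the host firewall.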