What are the Siemens User Management Component (UMC) vulnerabilities?

Siemens has disclosed multiple security vulnerabilities in its User Management Component (UMC) including CVE-2025-40795 (CVSS 9.3) stack-based buffer overflow, and CVE-2025-40796, CVE-2025-40797, CVE-2025-40798 (all CVSS 8.7) out-of-bounds read vulnerabilities. These enable remote attackers to execute arbitrary code or cause denial-of-service conditions without authentication.

What is CVE-2025-40795 and how severe is it?

CVE-2025-40795 has a CVSS score of 9.3 and is a Stack-based Buffer Overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code with full system privileges. This represents the most critical vulnerability in the UMC security advisory.

What are CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798?

CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798 are all Out-of-bounds Read vulnerabilities with CVSS scores of 8.7. These vulnerabilities can be exploited by remote attackers to cause denial-of-service conditions or potentially access sensitive information.

Which Siemens products are affected by the UMC vulnerabilities?

The affected products include Siemens SIMATIC PCS neo V4.1 and V5.0 (all versions), and User Management Component versions prior to 2.15.1.3. Both standalone UMC installations and embedded implementations are affected.

What is the Siemens User Management Component (UMC)?

The User Management Component (UMC) is a Siemens software component that handles user authentication and access control for various Siemens industrial automation systems. It can be deployed as standalone installations or embedded within other Siemens products like SIMATIC PCS neo.

Is there a patch available for the UMC vulnerabilities?

Siemens has released UMC version 2.15.1.3, which addresses all four vulnerabilities. However, patching options vary by product: standalone UMC installations can be immediately updated, while some affected product lines like SIMATIC PCS neo V4.1 and V5.0 have no fixes currently planned.

Will Siemens patch the SIMATIC PCS neo systems?

No, Siemens has indicated that no fixes are currently planned for SIMATIC PCS neo V4.1 and V5.0 systems, creating gaps in vendor support for these embedded implementations of the vulnerable UMC components.

What workarounds are available for unpatched UMC systems?

For systems where immediate patching is not feasible, Siemens recommends blocking TCP ports 4002 and 4004 on machines with UMC installed. Organizations not using 'RT Server' type UMC machines can block port 4004 entirely without impacting network functionality for other UMC machine types.

Which TCP ports should be blocked to protect UMC systems?

Siemens recommends blocking TCP ports 4002 and 4004 on machines with UMC installed in non-networked scenarios. Port 4004 can be blocked entirely for organizations not using 'RT Server' type UMC machines without affecting other machine types like Server, Ring-Server, and Agent configurations.

What UMC machine types are mentioned and how do they differ?

Siemens mentions several UMC machine types including RT Server, Server, Ring-Server, and Agent configurations. The RT Server type specifically requires TCP port 4004, while other machine types can function normally even if this port is blocked.

Can the UMC buffer overflow be exploited remotely?

Yes, the critical buffer overflow vulnerability (CVE-2025-40795) allows unauthenticated remote attackers to execute arbitrary code with full system privileges, making it extremely dangerous for any UMC system accessible over a network.

What immediate actions should organizations take for UMC vulnerabilities?

Organizations should immediately update standalone UMC installations to version 2.15.1.3, implement network segmentation to isolate affected systems, block TCP ports 4002 and 4004 where appropriate, and evaluate replacement options for SIMATIC PCS neo systems that cannot be patched.

Why are the UMC vulnerabilities particularly dangerous?

These vulnerabilities are particularly dangerous because they affect user management components that control access to critical industrial systems, require no authentication to exploit, and can result in complete system compromise with full privileges. The lack of patches for embedded systems compounds the risk.

Should UMC systems be connected to external networks?

Given the critical nature of these vulnerabilities and the lack of patches for some product lines, UMC systems should be isolated from external networks and operated within highly protected environments with strict access controls and network monitoring.

What should organizations do with unpatched SIMATIC PCS neo systems?

For SIMATIC PCS neo V4.1 and V5.0 systems that cannot be patched, organizations should implement strict network isolation, block the recommended TCP ports, monitor for suspicious activity, and consider migration to newer supported versions or alternative solutions if security requirements are critical.

Advisory

Multiple vulnerabilities in Siemens User Management Component affect industrial control systems

published: Sept. 11, 2025

Take action: If you have Siemens User Management Component (UMC), limit access to TCP ports 4002 and 4004 only to necessary systems. Then where possible, plan a quick update to version 2.15.1.3. Be aware that SIMATIC PCS neo V4.1 and V5.0 systems can't be patched and should be isolated from untrusted networks.

Learn More

Siemens is reporting multiple security vulnerabilities in its User Management Component (UMC) that enable remote attackers to execute arbitrary code or cause denial-of-service conditions without authentication.

Vulnerabilities summary:

CVE-2025-40795 (CVSS score 9.3) - Stack-based Buffer Overflow that allows unauthenticated remote attackers to execute arbitrary code with full system privileges
CVE-2025-40796 (CVSS score 8.7) - Out-of-bounds Read
CVE-2025-40797 (CVSS score 8.7) - Out-of-bounds Read
CVE-2025-40798 (CVSS score 8.7) - Out-of-bounds Read

The affected products include

Siemens SIMATIC PCS neo V4.1 and V5.0 (all versions),
User Management Component versions prior to 2.15.1.3.

Siemens has released UMC version 2.15.1.3, which addresses all four vulnerabilities. Organizations using standalone UMC installations should immediately update to this patched version. Pacthing for embedded implementations is complex as some affected product lines have gaps in vendor support. Siemens has indicated that no fixes are currently planned for SIMATIC PCS neo V4.1 and V5.0 systems.

For systems where immediate patching is not feasible, Siemens recommends blocking TCP ports 4002 and 4004 on machines with UMC installed in non-networked scenarios. Organizations not using 'RT Server' type UMC machines can block port 4004 entirely without impacting network functionality for other UMC machine types including Server, Ring-Server, and Agent configurations.

Multiple vulnerabilities in Siemens User Management Component affect industrial control systems

Read More
Schneider Electric Patches Critical Redis Vulnerabilities in Plant …
Critical Flaws in Dormakaba Access Systems Allow Remote …
Multiple flaws, one critical found in Contec Health …
Authentication bypass flaw reported in Packet Power Infrastructure …
Siemens warns of vulerabilities in SICAM enabling attackers …