What vulnerabilities were discovered in Siemens User Management Component?

Siemens has released security advisories patching multiple vulnerabilities in its User Management Component (UMC). These include two critical vulnerabilities with CVSS scores of 9.8 (CVE-2024-33698 and CVE-2025-40795) that allow unauthenticated remote code execution, and three high-severity vulnerabilities with CVSS scores of 7.5 (CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798) that allow denial of service attacks.

What is CVE-2024-33698?

CVE-2024-33698 is a critical heap-based buffer overflow vulnerability with a CVSS score of 9.8 in Siemens User Management Component. This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on affected systems, potentially leading to complete system compromise.

What is CVE-2025-40795?

CVE-2025-40795 is a critical stack-based buffer overflow vulnerability with a CVSS score of 9.8 in Siemens User Management Component. This vulnerability could allow unauthenticated remote attackers to execute arbitrary code or cause denial of service conditions on affected systems.

What are CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798?

CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798 are three separate out-of-bounds read vulnerabilities, each with a CVSS score of 7.5. All three vulnerabilities allow unauthenticated remote attackers to cause denial of service conditions on affected Siemens User Management Component systems.

What Siemens products are affected by the UMC vulnerabilities?

Affected products include Opcenter Quality (all versions prior to V2406), Opcenter RDnL (all versions prior to V2410), SIMATIC PCS neo, SINEC NMS (all versions), SINEMA Remote Connect Client (all versions prior to V3.2 SP3), Totally Integrated Automation Portal (TIA Portal), and Standalone User Management Component (all versions prior to V2.15.1.3). These are industrial automation and management products widely used in critical infrastructure.

What are the CVSS severity scores for the Siemens UMC vulnerabilities?

Two vulnerabilities have critical CVSS scores of 9.8: CVE-2024-33698 (heap-based buffer overflow) and CVE-2025-40795 (stack-based buffer overflow). Three vulnerabilities have high CVSS scores of 7.5: CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798 (all out-of-bounds read vulnerabilities). The critical scores reflect the ability for unauthenticated remote code execution.

Do attackers need authentication to exploit the Siemens UMC vulnerabilities?

No, all five vulnerabilities can be exploited by unauthenticated remote attackers. This makes them particularly dangerous as attackers do not need any credentials or prior access to exploit these flaws. The vulnerabilities can be exploited remotely over the network without any user interaction.

What can attackers do by exploiting the Siemens UMC vulnerabilities?

Attackers exploiting the critical vulnerabilities CVE-2024-33698 and CVE-2025-40795 can execute arbitrary code on affected systems, potentially leading to complete system compromise. CVE-2025-40795 can also cause denial of service conditions. The three out-of-bounds read vulnerabilities (CVE-2025-40796, CVE-2025-40797, and CVE-2025-40798) allow attackers to cause denial of service, disrupting industrial automation operations.

Has Siemens patched the User Management Component vulnerabilities?

Yes, Siemens has released patches for all affected products. Organizations should update to: Opcenter Quality V2406 or later, Opcenter RDnL V2410 or later, SINEC NMS UMC to V2.15.1.1 or later compatible versions, SINEMA Remote Connect Client V3.2 SP3 or later, and Standalone User Management Component to V2.15.1.3 or later. Specific patching guidance varies by product.

What should organizations do about the Siemens UMC vulnerabilities?

Organizations should immediately update affected products to the patched versions specified by Siemens. For Opcenter Quality, update to V2406 or later. For Opcenter RDnL, update to V2410 or later. For SINEC NMS, update UMC to V2.15.1.1 or later. For SINEMA Remote Connect Client, update to V3.2 SP3 or later. For Standalone UMC, update to V2.15.1.3 or later. Organizations unable to patch should implement port filtering mitigation measures immediately.

What is the Siemens User Management Component used for?

The User Management Component (UMC) is a component integrated into Siemens industrial automation and management products. It is used across multiple Siemens products including Opcenter Quality, Opcenter RDnL, SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect Client, and Totally Integrated Automation Portal (TIA Portal), making these vulnerabilities particularly impactful for industrial control systems and critical infrastructure.

Why are the Siemens UMC vulnerabilities considered critical?

The vulnerabilities are considered critical because two of them (CVE-2024-33698 and CVE-2025-40795) have CVSS scores of 9.8 and allow unauthenticated remote attackers to execute arbitrary code without any credentials or user interaction. This could lead to complete compromise of industrial automation systems. The vulnerabilities affect widely-deployed industrial control system components used in critical infrastructure, manufacturing, and automation environments, making the potential impact significant.

What type of vulnerabilities are CVE-2024-33698 and CVE-2025-40795?

CVE-2024-33698 is a heap-based buffer overflow vulnerability, while CVE-2025-40795 is a stack-based buffer overflow vulnerability. Both types of buffer overflow vulnerabilities can be exploited to execute arbitrary code by overwriting memory with malicious data, potentially allowing attackers to take control of the affected system. Both have CVSS scores of 9.8 and can be exploited by unauthenticated remote attackers.

Can port 4004 be completely blocked?

Yes, if RT server machines are not being used in the deployment, port 4004 can be blocked completely as a mitigation measure. This provides additional protection for organizations that do not require RT server functionality. However, port 4002 still requires filtering to accept only connections from authorized UMC machines, or complete blocking in non-networked scenarios.

Advisory

Siemens patches multiple critical flaws in User Management Component of multiple products

published: Oct. 17, 2025

Take action: If you're using any Siemens industrial software (Opcenter, SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect, or TIA Portal), make sure it's isolated from the internet and accessible only from trusted networks. Then plan a quick update update to the latest patched versions, since the User Management Component can be hacked or crashed quite easily. Until you can patch, block or restrict access to TCP ports 4002 and 4004 to only trusted systems within your UMC network.

Learn More

Siemens has released security advisories patching multiple vulnerabilities in its User Management Component (UMC), a component integrated into its industrial automation and management products. These vulnerabilities potentially allow unauthenticated remote attackers to execute arbitrary code or cause denial of service.

Vulnerabilities summary

CVE-2024-33698 (CVSS score 9.8), is a heap-based buffer overflow vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on affected systems.
CVE-2025-40795 (CVSS score 9.8), a stack-based buffer overflow vulnerability that could similarly allow unauthenticated remote attackers to execute arbitrary code or cause denial of service conditions.
CVE-2025-40796 (CVSS score 7.5), out-of-bounds read vulnerability, allows unauthenticated remote attackers to cause denial of service conditions on affected systems.
CVE-2025-40797 (CVSS score 7.5), out-of-bounds read vulnerability, allows unauthenticated remote attackers to cause denial of service conditions on affected systems.
CVE-2025-40798 (CVSS score 7.5), out-of-bounds read vulnerability, allows unauthenticated remote attackers to cause denial of service conditions on affected systems.

Affected products include

Opcenter Quality (all versions prior to V2406), update to V2406 or later;
Opcenter RDnL (all versions prior to V2410), update to V2410 or later;
SIMATIC PCS neo,
SINEC NMS (all versions), update UMC to V2.15.1.1 or later compatible versions
SINEMA Remote Connect Client (all versions prior to V3.2 SP3), update to V3.2 SP3 or later
Totally Integrated Automation Portal (TIA Portal).
Standalone User Management Component is affected in all versions prior to V2.15.1.3, update to V2.15.1.3 or later

Organizations that can't upgrade to patched versions should filtering ports 4002 and 4004 to only accept connections from IP addresses of machines running UMC that are part of the UMC network. If RT server machines are not being used in the deployment, port 4004 can be blocked completely. In non-networked scenarios or deployments, administrators should block TCP ports 4002 and 4004 on machines with UMC installed.

Siemens patches multiple critical flaws in User Management Component of multiple products

Read More
Critical vulnerabilities reported in Tigo Energy Cloud connect …
Critical FastCGI flaw exposes embedded devices to remote …
Critical Vulnerability in Dover Fueling Solutions MAGLINK LX …
Multiple vulnerabilities reported in METZ CONNECT EWIO2 Industrial …
Critical cryptographic flaw in Meshtastic Mesh Networking platform …