Siemens reports critical flaw in User Management Component (UMC)
Take action: If you are running Siemens products, check the Siemens advisory whether you are at risk. As usual, first implement isolation to trusted networks, filter or fully block ports 4002, 4004. Then plan to patch if a patch is available for your product.
Learn More
Siemens has disclosed a critical vulnerability in their User Management Component (UMC) that affects multiple industrial control systems and automation products.
This vulnerability is tracked as CVE-2024-49775 (CVSS score 9.8) and is a heap-based buffer overflow which could allow unauthenticated remote attackers to execute arbitrary code on affected systems.
- Opcenter Execution Foundation (all versions)
- Opcenter Intelligence (all versions)
- Opcenter Quality (all versions)
- Opcenter RDL (all versions)
- SIMATIC PCS neo
- SINEC NMS (all versions with UMC < V2.15)
- Totally Integrated Automation Portal (TIA Portal)
These systems are widely deployed across manufacturing and energy sectors globally, playing critical roles in industrial automation, distributed control systems, and network monitoring.
Siemens has released limited fixes for the flaw:
- SINEC NMS: Update to V3.0 SP2 or later version and UMC to V2.15 or later
- TIA Portal V20: Incorporates a fixed UMC version not affected by the vulnerability
- Other affected products: Currently no fixes available
Recommended Mitigations:
- Filter ports 4002 and 4004 to only accept connections from UMC network machines
- Block port 4004 completely if no RT server machines are used
- Configure environments according to Siemens' operational guidelines for Industrial Security
- Implement defense-in-depth strategies as recommended by CISA
The vulnerability was discovered by Tenable and disclosed on December 16, 2024. While there are currently no reports of public exploitation, CISA emphasizes the importance of vigilance and encourages organizations to report any suspected malicious activity.
