ICSA-23-348-03 · Published 2025-01-14
Siemens User Management Component (UMC)
CVSS 7.5 (HIGH)
Remediations
- Currently no fix is planned
- Update to V17 Update 8 or later version
- Update to V18 Update 3 or later version
- Update to V2.0 SP1 or later version
- Update to V2312 or later version
- Update to V2407 or later version
- Update to V4.1 or later version
- CVE-2023-46281, CVE-2023-46282: Do not access links from untrusted sources
- CVE-2023-46283, CVE-2023-46284: If only one UMC server is used, block access to port 4002/tcp, e.g. with an external firewall.
- CVE-2023-46284, CVE-2023-46285: If only one RT server is used, block access to port 4004/tcp, e.g. with an external firewall. If the deployment contains no RT servers, block the port in the local firewall.
Affected Vendors
Siemens
Affected Products (9)
- Siemens · Opcenter Execution Foundation: vers:all/<V2407
- Siemens · Opcenter Quality: vers:all/<V2312
- Siemens · SIMATIC PCS neo: vers:all/<V4.1
- Siemens · SINEC NMS: <V2.0_SP1
- Siemens · Totally Integrated Automation Portal (TIA Portal) V14: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V15.1: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V16: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V17: <V17_Update_8
- Siemens · Totally Integrated Automation Portal (TIA Portal) V18: <V18_Update_3
Affected Sectors
Critical Manufacturing