ICSA-25-135-09
·
Published 2025-10-14
Siemens User Management Component (UMC)
CVSS 7.5
HIGH
CVEs (3)
Remediations
- In non-networked scenarios/deployments, block TCP ports 4002 and 4004 on machines with UMC installed. In addition, if no RT server machines are used, port 4004 can be blocked completely.
- Currently no fix is planned
- Update to V2.15.1.1 or later version
- Update to V4.0 or later version
- Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/
Affected Vendors
Siemens
Affected Products (9)
- Siemens · SIMATIC PCS neo V4.1: vers:all/*
- Siemens · SIMATIC PCS neo V5.0: vers:all/*
- Siemens · SINEC NMS: vers:intdot/<4.0
- Siemens · SINEMA Remote Connect: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V17: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V18: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V19: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V20: vers:all/*
- Siemens · User Management Component (UMC): vers:intdot/<2.15.1.1
Affected Sectors
Critical Manufacturing