ICSA-25-254-07 · Published 2025-10-14
Siemens User Management Component (UMC)
CVSS 9.8 · CRITICAL
Remediations
- In non-networked scenarios/deployments, block TCP ports 4002 and 4004 on machines with UMC installed. If the deployment does not use the 'RT Server' type of UMC machine, port 4004 can be blocked everywhere without impacting network functionality for all other UMC machine types (Server, Ring-Server, Agent).
- Currently no fix is planned
- Currently no fix is available
- Update to V2.15.1.3 or later version
Affected Vendors
Siemens
Affected Products (4)
- Siemens · SIMATIC PCS neo V4.1 · vers:all/*
- Siemens · SIMATIC PCS neo V5.0 · vers:all/*
- Siemens · SIMATIC PCS neo V6.0 · vers:all/*
- Siemens · User Management Component (UMC) · vers:intdot/<2.15.1.3
Affected Sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities