CVE-2025-30175
CVE-2025-30175
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Siemens · SIMATIC PCS neo V4.1Siemens · SIMATIC PCS neo V5.0Siemens · SINEC NMSSiemens · SINEMA Remote ConnectSiemens · Totally Integrated Automation Portal (TIA Portal) V17Siemens · Totally Integrated Automation Portal (TIA Portal) V18Siemens · Totally Integrated Automation Portal (TIA Portal) V19Siemens · Totally Integrated Automation Portal (TIA Portal) V20Siemens · User Management Component (UMC)Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →