IronMonkey Threat Research

SSA-722410: Multiple Vulnerabilities in User Management Component (UMC)

CRITICAL
CVSS 9.8
Date 2026-06-09T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Siemens' User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version of User Management Component (UMC) and recommends updating to the latest version. For products where fixes are not yet available, Siemens recommends specific countermeasures.

// Vulnerabilities (4)

CVE ID          CVSS  Severity  Description
CVE-2025-40795  9.8   critical  Stack-based buffer overflow in the integrated UMC component. An unauthenticated remote attacker could execute arbitrary code or cause a denial of service condition.
CVE-2025-40797  7.5   high      Out-of-bounds read in the integrated UMC component. An unauthenticated remote attacker could cause a denial of service condition.
CVE-2025-40796  7.5   high      Out-of-bounds read in the integrated UMC component. An unauthenticated remote attacker could cause a denial of service condition.
CVE-2025-40798  7.5   high      Out-of-bounds read in the integrated UMC component. An unauthenticated remote attacker could cause a denial of service condition.

// Remediations

Patch: Update to V2.15.1.3 or later version.
Patch: Update to V6.0 SP1 Update 1 or later version.
Mitigation: In non-networked scenarios/deployments, block TCP ports 4002 and 4004 on machines with UMC installed. If the deployment does not use the 'RT Server' type of UMC machine, port 4004 can be blocked everywhere without impacting network functionality for the other UMC machine types (Server, Ring-Server, Agent).
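Deciding per host whether the patch level is reached, and if not which of the two ports the mitigation lets you block, is where mistakes happen in practice: a plain string comparison ranks V2.9.x above V2.15.1.3, and a naive digit scrape would rank "V6.0 Update 2" above "V6.0 SP1 Update 1". The script below is an added example written for this page, not Siemens tooling. It takes the fixed versions, port numbers and machine-type names from the advisory; the product-line labels "umc" and "v6" and the inventory at the bottom are this example's own constructions (the page lists two patch targets without naming the products they apply to).

```python
"""Triage UMC hosts against SSA-722410 (added example; not Siemens tooling).

The inventory at the bottom is constructed.  Fixed versions, port numbers and
machine-type names come from the advisory; the product-line labels "umc" and
"v6" are this example's own (the advisory text does not name the product the
V6.0 SP1 Update 1 target belongs to)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Patch levels named in the advisory, one per (assumed) product line.
FIXED_VERSION = {"umc": "V2.15.1.3", "v6": "V6.0 SP1 Update 1"}

# Listening ports the mitigation covers; only 'RT Server' machines need 4004.
UMC_PORTS = (4002, 4004)
RT_SERVER_PORT = 4004

_VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?"   # V2.15.1.3 or V6.0
    r"(?:\s+SP\s*(\d+))?"                           # optional 'SP1'
    r"(?:\s+Update\s*(\d+))?\s*$",                  # optional 'Update 1'
    re.IGNORECASE,
)


def parse_version(text: str) -> tuple[int, ...]:
    """'V2.15.1.3' -> (2,15,1,3,0,0); 'V6.0 SP1 Update 1' -> (6,0,0,0,1,1).

    SP and Update get fixed positions so that 'V6.0 Update 2' sorts below
    'V6.0 SP1 Update 1'; missing fields compare as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_fixed(line: str, installed: str) -> bool:
    """True when `installed` is at or above the advisory's fixed level for `line`."""
    return parse_version(installed) >= parse_version(FIXED_VERSION[line])


@dataclass(frozen=True)
class Host:
    name: str
    line: str          # "umc" or "v6" (example's own labels)
    version: str
    machine_type: str  # Server, Ring-Server, Agent or RT Server
    networked: bool    # False if this host needs no UMC network traffic at all


def ports_to_block(host: Host, deployment_has_rt_server: bool) -> tuple[int, ...]:
    """Ports the advisory's mitigation allows blocking on an unpatched host.

    Non-networked host: both 4002 and 4004.  Networked host in a deployment
    without any 'RT Server' machine: 4004 only.  Otherwise nothing can be
    blocked without breaking UMC, so the only answer is the patch."""
    if is_fixed(host.line, host.version):
        return ()
    if not host.networked:
        return UMC_PORTS
    if not deployment_has_rt_server:
        return (RT_SERVER_PORT,)
    return ()


def triage(hosts: list[Host]) -> dict[str, str]:
    """Per-host action: 'patched', 'block 4002,4004', 'block 4004' or 'patch now'."""
    has_rt = any(h.machine_type == "RT Server" for h in hosts)
    actions: dict[str, str] = {}
    for h in hosts:
        if is_fixed(h.line, h.version):
            actions[h.name] = "patched"
            continue
        ports = ports_to_block(h, has_rt)
        actions[h.name] = "block " + ",".join(map(str, ports)) if ports else "patch now"
    return actions


# Constructed inventory for illustration; names and versions are made up.
INVENTORY = [
    Host("umc-srv-01", "umc", "V2.15.1.3", "Server", True),
    Host("umc-srv-02", "umc", "V2.9.0.0", "Ring-Server", True),
    Host("eng-ws-07", "umc", "V2.14.0.0", "Agent", False),
    Host("pcs-v6-01", "v6", "V6.0 SP1", "Server", True),
]

if __name__ == "__main__":
    for name, action in triage(INVENTORY).items():
        print(f"{name:12s} {action}")
```

The script only decides which ports a host-level rule should carry; on Windows the rule itself is a single cmdlet, for example `New-NetFirewallRule -DisplayName "SSA-722410 UMC" -Direction Inbound -Protocol TCP -LocalPort 4002,4004 -Action Block` (drop 4002 from the list for networked hosts in a deployment without RT Servers). Blocking is a stop-gap: a host reported as "block 4004" is still unpatched and still needs the update.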
