Out-of-Bounds Read Buffer Overflow in Siemens Automation Products
CVE-2025-30176

8.7 HIGH

Key Information:

Vendor

Siemens

CVE Published:
13 May 2025

What is CVE-2025-30176?

A vulnerability has been identified in several Siemens automation products, notably in the User Management Component (UMC). The issue is an out-of-bounds read buffer overflow that an unauthenticated remote attacker could exploit. Successful exploitation could lead to a denial-of-service condition, impacting the availability of affected systems. Users of SIMATIC PCS neo, SINEC NMS, SINEMA Remote Connect, and versions of the Totally Integrated Automation Portal are advised to review their deployments and apply updates where necessary to mitigate the risk.

Affected Version(s)

SIMATIC PCS neo V4.1 0

SIMATIC PCS neo V5.0 0

SINEC NMS 0

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
