2024-12-26 16:40:32 Pacfic
Siemens UMC Flaw Allows Remote Code Execution - 5d
A critical security flaw has been discovered in Siemens' User Management Component (UMC). The vulnerability, identified as CVE-2024-49775, is a heap-based buffer overflow which could allow an unauthenticated remote attacker to execute arbitrary code. This serious flaw poses a significant threat to the confidentiality, integrity, and availability of affected industrial and enterprise systems. Siemens has issued a security advisory and urges all customers using impacted products to apply the recommended mitigations immediately. The vulnerability has been given a critical rating with a CVSS v3.1 base score of 9.8 and a CVSS v4.0 score of 9.3. The vulnerability affects several Siemens products that utilize the UMC, including Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, and various versions of SIMATIC PCS neo and Totally Integrated Automation Portal (TIA Portal). While fixes for many of these products are still in development, Siemens has provided essential workarounds. These include filtering ports 4002 and 4004 to only allow connections from machines within the UMC network, and completely blocking port 4004 if no RT server machines are utilized. Siemens has also stated that TIA Portal V20 and later versions incorporate a fixed UMC and are not susceptible to the vulnerability.
ImgSrc: blogger.googleusercontent.com
References:
- GBHackers Security - Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution - 6d
- Vulnerability Archives - CVE-2024-49775 (CVSS 9.8): Critical Vulnerability in Siemens UMC Exposes Systems to Remote Exploitation - 6d
- Chemical Facility Security News - Chemical Facility Security News blog post regarding Siemens UMC vulnerability - 5d
Classification:
- HashTags: Siemens Vulnerability RCE
- Company: Siemens
- Target: Siemens ICS
- Product: User Management Component
- Feature: buffer overflow
- Type: Vulnerability
- Severity: Disaster