Summary
Siemens has released security updates to address a critical-severity vulnerability in the User Management Component (UMC), which is integrated into various products. If exploited, this vulnerability could allow a remote attacker to execute arbitrary code on affected systems.
Risk
Community Impact Estimation of the vulnerability: High (66.41)
Type
- Remote Code Execution
Affected Products and/or Versions
Siemens
- Opcenter Execution Foundation
- Opcenter RDL
- Opcenter Intelligence
- Opcenter Quality
- SINEC NMS
- SIMATIC PCS neo, V4.0, V4.1 and V5.0
- Totally Integrated Automation Portal (TIA Portal), versions 16, 17, 18 and 19
Mitigation Actions
It is recommended that mitigations be implemented following the instructions provided by the vendor for each affected product and reported in the security bulletins in the References section.
Unique Vulnerability Identifiers
CVE-ID
References
https://cert-portal.siemens.com/productcert/html/ssa-928984.html
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.