Critical vulnerability in Siemens UMC exposes systems to remote exploitation

ISGroup Cybersecurity

CVE-2024-49775 is a critical heap-based buffer overflow vulnerability in the Siemens User Management Component (UMC), a core component used in various Siemens products within industrial and enterprise environments. The flaw allows unauthenticated remote attackers to execute arbitrary code.

ProductSiemens
Date2024-12-20 17:16:45
Information
  • Trending
  • Fix Available

Technical Summary

The vulnerability stems from a heap-based buffer overflow within the UMC, which can be exploited by sending specially crafted data packets to the affected systems. A successful attack allows for remote arbitrary code execution, with the potential to compromise sensitive operations in environments where Siemens products are deployed.

Affected products:

  • Opcenter Execution Foundation
  • Opcenter Intelligence
  • Opcenter Quality
  • Opcenter RDL
  • SIMATIC PCS neo (various versions)
  • Totally Integrated Automation Portal (TIA Portal) (versions 16 through 19)

Recommendations

Siemens has provided mitigation guidelines for CVE-2024-49775. Organizations should immediately adopt the following measures to minimize risk:

Apply mitigations:

  • Filter ports 4002 and 4004: restrict connections to these ports by allowing access only from machines within the UMC network.
  • Block port 4004: if RT server machines are not in use, block port 4004 completely.

Update to patched versions:

  • Upgrade to TIA Portal V20 or later, which includes a patched version of the UMC component and is no longer vulnerable.

[Callforaction-THREAT-Footer]