A critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code.
The flaw, designated CVE-2024-49775, is a heap-based buffer overflow vulnerability. Siemens has issued Security Advisory SSA-928984 and urges customers to implement recommended fixes or mitigations to minimize the risks.
Details of the Vulnerability
The vulnerability affects multiple Siemens products integrated with the UMC component, allowing remote attackers to execute arbitrary code that could jeopardize the confidentiality, integrity, and availability of affected systems.
Rated as critical, the flaw carries a CVSS v3.1 Base Score of 9.8 and a CVSS v4.0 Base Score of 9.3.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Classified under CWE-122: Heap-Based Buffer Overflow, the issue stems from improper memory handling and poses significant risks to operational systems.
Siemens has credited Tenable for its role in the coordinated disclosure of this vulnerability.
Affected Products and Solutions
The following table provides an overview of affected products, their vulnerability status, and available mitigations.
| Product | Version | CVE ID | Remediation |
| Opcenter Execution Foundation | All versions | CVE-2024-49775 | No fix available. Follow recommendations in Workarounds and Mitigations. |
| Opcenter Intelligence | All versions | CVE-2024-49775 | No fix available. Follow recommendations in Workarounds and Mitigations. |
| Opcenter Quality | All versions | CVE-2024-49775 | No fix available. Follow recommendations in Workarounds and Mitigations. |
| Opcenter RDL | All versions | CVE-2024-49775 | No fix available. Follow recommendations in Workarounds and Mitigations. |
| SINEC NMS | UMC < V2.15 | CVE-2024-49775 | Update SINEC NMS to V3.0 SP2 or later and UMC to V2.15 or later. Contact Siemens support. |
| Totally Integrated Automation Portal (TIA Portal) | Open for details | CVE-2024-49775 | Fixed versions available; see Siemens support documentation for details. |
- Port Restrictions:Â Filter ports 4002 and 4004 to accept connections only from machines within the UMC network. If no RT server machines are used, block port 4004 entirely.
- Update Affected Systems:Â Apply patch updates or upgrades to fixed versions as specified in product-specific mitigations.
Siemens emphasizes strict adherence to industrial security guidelines and general network protection best practices.
This critical vulnerability underscores the importance of regular patch management and proactive threat mitigation in industrial environments.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
, which could allow unauthenticated remote attackers to execute arbitrary code.){kind=link}