Siemens Warns of a Critical Vulnerability in UMC

Heap Overflow Flaw Threatens Industrial Control Systems Globally Prajeet Nair (@prajeetspeaks) • December 20, 2024

Siemens issued a security advisory for a critical vulnerability affecting industrial control systems in its User Management Component - or UMC - that could enable attackers to execute arbitrary code.

See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge

The heap-based buffer overflow flaw impacts products used in manufacturing and the energy sector. The flaw is tracked as CVE-2024-49775.

UMC is a central component in Siemens' industrial automation suite, enabling system-wide user management. Affected products include Opcenter Execution Foundation, Opcenter Intelligence, SIMATIC PCS neo, SINEC NMS and Totally Integrated Automation Portal.

Those systems play a pivotal role in managing distributed control systems, network monitoring and industrial automation. The U.S. Cybersecurity and Infrastructure Security Agency said that these products are widely deployed across the globe.

The vulnerability was discovered ...