You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-40795
About this tag
CVE-2025-40795 is a critical vulnerability disclosed by Siemens in its User Management Component (UMC), as detailed in ProductCERT advisory SSA-722410. The flaw is a stack-based buffer overflow that can lead to remote code execution (RCE). Additionally, three out-of-bounds read issues can cause denial of service (DoS). Siemens recommends updating UMC to version 2.15.1.3 to mitigate these risks. Some Siemens product lines that embed UMC may not receive fixes, requiring immediate inventory, network hardening, or compensating controls. This tag covers discussions about the CVE, its impact on industrial systems, and necessary patching steps.
Siemens has published a high‑severity ProductCERT advisory (SSA‑722410) describing multiple remotely exploitable vulnerabilities in its User Management Component (UMC), including a stack‑based buffer overflow that Siemens scores as critical and three separate out‑of‑bounds read issues that can...
2.15.1.3
buffer overflow
cisa
cve-2025-40795
cve-2025-40796
cve-2025-40797
cve-2025-40798
dos
ics security
industrial control systems
ot security
patch management
productcert
remote code execution
siemens
siemens vulnerabilities
umc
umc v2.15.1.3
windows server