Siemens User Management Component (UMC) Classic Buffer Overflow Vulnerability

Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce the cost of defects and rework, and achieve operational excellence by improving process stability. simatic pcs neo is a distributed control system (DCS). the SINUMERIK integrated product suite helps to achieve simple networking of machine tools in the IT of the production environment. Totally Integrated Automation Portal (TIA Portal) is PC software that offers the complete range of Siemens digital automation services, from digital planning and integrated engineering to transparent operation. user Management Component (UMC) is an integrated component that enables centralized system-wide maintenance for users. A classic buffer overflow vulnerability exists in Siemens User Management Component (UMC), where an affected application contains out-of-bounds writes beyond the end of an allocated buffer when processing a specific request on port 4002/tcp. An attacker can exploit the vulnerability to crash the application. The corresponding service is automatically restarted after the crash.