CVE-2025-40566
published 2025-05-13CVE-2025-40566: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected…
high8.7CVSS 4.0
AVNACLATNPRNUIPVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | < 4.1 | 4.1 |
| siemens | simatic_pcs_neo | < 5.0 | 5.0 |
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo_v4.1 | < V4.1 Update 3 | V4.1 Update 3 |
| siemens | simatic_pcs_neo_v5.0 | < V5.0 Update 1 | V5.0 Update 1 |