CVE-2025-40795
published 2025-09-09CVE-2025-40795: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User…
critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo_v4.1 | < * | * |
| siemens | simatic_pcs_neo_v5.0 | < * | * |
| siemens | simatic_pcs_neo_v6.0 | < * | * |
| siemens | user_management_component | < V2.15.1.3 | V2.15.1.3 |
| siemens | user_management_component | < 2.15.1.3 | 2.15.1.3 |