CVE-2025-40795

CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

0.2%

top 58.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS NEO V4.1 Siemens Simatic PCS NEO V5.0 Siemens Simatic PCS NEO V6.0 +3 more

Timeline

PublishedSep 9

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

▶NVDsiemens/user_management_component< 2.15.1.3

▶CVEListV5siemens/user_management_component_(umc)< V2.15.1.3

▶CVEListV5siemens/simatic_pcs_neo_v4.1< *

▶CVEListV5siemens/simatic_pcs_neo_v5.0< *

▶CVEListV5siemens/simatic_pcs_neo_v6.0< *

🔴Vulnerability Details

GHSA

GHSA-8mhf-qqpq-2vcr: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-09-09

▶

CVEList

CVE-2025-40795: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-09-09

▶