CVE-2025-40796

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.7HIGH

EPSS

0.1%

top 64.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS NEO V4.1 Siemens Simatic PCS NEO V5.0 Siemens Simatic PCS NEO V6.0 +3 more

Timeline

PublishedSep 9

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

▶NVDsiemens/user_management_component< 2.15.1.3

▶CVEListV5siemens/user_management_component_(umc)< V2.15.1.3

▶CVEListV5siemens/simatic_pcs_neo_v4.1< *

▶CVEListV5siemens/simatic_pcs_neo_v5.0< *

▶CVEListV5siemens/simatic_pcs_neo_v6.0< *

🔴Vulnerability Details

GHSA

GHSA-rhj7-r272-hv9p: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-09-09

▶

CVEList

CVE-2025-40796: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-09-09

▶