CVE-2025-40798
published 2025-09-09CVE-2025-40798: A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User…
high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo | — | — |
| siemens | simatic_pcs_neo_v4.1 | < * | * |
| siemens | simatic_pcs_neo_v5.0 | < * | * |
| siemens | simatic_pcs_neo_v6.0 | < * | * |
| siemens | user_management_component | < V2.15.1.3 | V2.15.1.3 |
| siemens | user_management_component | < 2.15.1.3 | 2.15.1.3 |