Siemens SIMATIC PCS neo vulnerabilities
23 known vulnerabilities affecting siemens/simatic_pcs_neo.
Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 14, MEDIUM 7
Vulnerabilities
Page 1 of 2
CVE-2025-40795 | CRITICAL | CVSS 9.3 | v4.1, v5.0 | 2025-09-09
[CRITICAL] CWE-121
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated
nvd
CVE-2025-40796 | HIGH | CVSS 8.7 | v4.1, v5.0 | 2025-09-09
[HIGH] CWE-125
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attack
nvd
CVE-2025-40797 | HIGH | CVSS 8.7 | v4.1, v5.0 | 2025-09-09
[HIGH] CWE-125
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attack
nvd
CVE-2025-40798 | HIGH | CVSS 8.7 | v4.1, v5.0 | 2025-09-09
[HIGH] CWE-125
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attack
nvd
CVE-2025-30175 | HIGH | CVSS 8.7 | v4.1, v5.0 | 2025-05-13
[HIGH] CWE-787
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation
nvd
CVE-2025-30176 | HIGH | CVSS 8.7 | v4.1, v5.0 | 2025-05-13
[HIGH] CWE-125
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation
nvd
CVE-2025-40566 | HIGH | CVSS 8.7 | fixed in 4.1, fixed in 5.0, +2 more | 2025-05-13
[HIGH] CWE-613
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user'
nvd
CVE-2023-46281 | HIGH | CVSS 8.8 | fixed in 4.1, fixed in V4.1 | 2023-12-12
[HIGH] CWE-942
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), T
cvelistv5, nvd
CVE-2023-46283 | HIGH | CVSS 7.5 | fixed in 4.1, fixed in V4.1 | 2023-12-12
[HIGH] CWE-120
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), T
cvelistv5, nvd
CVE-2023-46285 | HIGH | CVSS 7.5 | fixed in 4.1, fixed in V4.1 | 2023-12-12
[HIGH] CWE-20
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), To
cvelistv5, nvd
CVE-2023-46284 | HIGH | CVSS 7.5 | fixed in 4.1, fixed in V4.1 | 2023-12-12
[HIGH] CWE-120
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), T
cvelistv5, nvd
CVE-2023-46282 | MEDIUM | CVSS 6.1 | fixed in 4.1, fixed in V4.1 | 2023-12-12
[HIGH] CWE-79
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), To
cvelistv5, nvd
CVE-2023-46098 | HIGH | CVSS 8.8 | fixed in 4.1, vAll versions < V4.1 | 2023-11-14
[HIGH] CWE-942
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
cvelistv5, nvd
CVE-2023-46097 | HIGH | CVSS 8.0 | fixed in 4.1, vAll versions < V4.1 | 2023-11-14
[MEDIUM] CWE-89
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.
cvelistv5, nvd
CVE-2023-46096 | MEDIUM | CVSS 6.5 | fixed in 4.1, vAll versions < V4.1 | 2023-11-14
[MEDIUM] CWE-306
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.
cvelistv5, nvd
CVE-2023-46099 | MEDIUM | CVSS 4.8 | fixed in 4.1, vAll versions < V4.1 | 2023-11-14
[MEDIUM] CWE-79
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user.
cvelistv5, nvd
CVE-2023-38558 | MEDIUM | CVSS 5.5 | v4.0 | 2023-09-14
[MEDIUM] CWE-538
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, th
nvd
CVE-2022-27194 | HIGH | CVSS 7.5 | fixed in 3.1, v3.1 | 2022-04-12
[HIGH] CWE-400
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition
nvd
CVE-2021-20093 | CRITICAL | CVSS 9.1 | fixed in 3.1 | 2021-06-16
[CRITICAL] CWE-125
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.
nvd
CVE-2020-7587 | HIGH | CVSS 8.2 | fixed in 3.0, v3.0, +1 more | 2020-07-14
[HIGH] CWE-400
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Produ
cvelistv5, nvd