A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-722410.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Oct 2025, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. |
03 Oct 2025, 19:29
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:siemens:simatic_pcs_neo:4.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:* |
|
| References | () https://cert-portal.siemens.com/productcert/html/ssa-722410.html - Vendor Advisory | |
| First Time |
Siemens simatic Pcs Neo
Siemens user Management Component Siemens |
09 Sep 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-09 09:15
Updated : 2025-10-14 10:15
NVD link : CVE-2025-40796
Mitre link : CVE-2025-40796
CVE.ORG link : CVE-2025-40796
JSON object : View
Products Affected
siemens
- user_management_component
- simatic_pcs_neo
CWE
CWE-125
Out-of-bounds Read