CVE-2025-40797

7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (Al...

Published: 2025-09-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-125

Affected products

Vendor	Product
siemens	simatic_pcs_neo, user_management_component

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-40797
[Vendor advisory]https://cert-portal.siemens.com/productcert/html/ssa-722410.html

Related CVEs

Same vendor

CVE-2026-46749 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (7.5 HIGH)
CVE-2026-46748 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
CVE-2026-46747 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (4.3 MEDIUM)
CVE-2026-46746 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)