Vulnerability Monitor


CVE-2025-40566


A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.


Published

2025-05-13T10:15:26.183

Last Modified

2025-08-22T20:28:42.893

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-613

Affected Vendors & Products
Type         Vendor   Product          Version/Range  Vulnerable?
Application  siemens  simatic_pcs_neo  < 4.1          Yes
Application  siemens  simatic_pcs_neo  < 5.0          Yes
Application  siemens  simatic_pcs_neo  4.1            Yes
Application  siemens  simatic_pcs_neo  4.1            Yes
Application  siemens  simatic_pcs_neo  5.0            Yes
