Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-40795

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

Published

2025-09-09T09:15:37.343

Last Modified

2025-10-14T10:15:39.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-121

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	simatic_pcs_neo	4.1	Yes
Application	siemens	simatic_pcs_neo	5.0	Yes
Application	siemens	user_management_component	< 2.15.1.3	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-722410.html Vendor Advisory ([email protected])