Description
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
Published: 2025-09-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27237 A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
History

Tue, 14 Oct 2025 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Fri, 03 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens user Management Component
CPEs cpe:2.3:a:siemens:simatic_pcs_neo:4.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*
Vendors & Products Siemens user Management Component

Tue, 09 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens simatic
Siemens simatic Pcs Neo
Vendors & Products Siemens
Siemens simatic
Siemens simatic Pcs Neo

Tue, 09 Sep 2025 09:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Simatic Simatic Pcs Neo User Management Component
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2025-10-14T09:15:26.323Z

Reserved: 2025-04-16T08:50:26.973Z

Link: CVE-2025-40798

cve-icon Vulnrichment

Updated: 2025-09-09T19:34:05.792Z

cve-icon NVD

Status : Modified

Published: 2025-09-09T09:15:38.160

Modified: 2025-10-14T10:15:39.447

Link: CVE-2025-40798

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-09T21:31:33Z

Weaknesses