PT-2025-36681 · Siemens · Simatic Pcs Neo+1

Published: 2025-09-09 · Updated: 2025-09-09 · CVE-2025-40795

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo version 4.1 (all versions); SIMATIC PCS neo version 5.0 (all versions); User Management Component (UMC) versions prior to 2.15.1.3
Description: A stack-based buffer overflow vulnerability exists in the integrated User Management Component (UMC). This could allow an unauthenticated remote attacker to execute arbitrary code or cause a denial of service condition.
Recommendations: Update User Management Component (UMC) to version 2.15.1.3 or later. Update SIMATIC PCS neo version 4.1 to a newer version. Update SIMATIC PCS neo version 5.0 to a newer version.

Fix · RCE · DoS · Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-40795

Affected Products

Simatic Pcs Neo
User Management