Out-of-Bounds Read Vulnerability in SIMATIC PCS neo and User Management Component
CVE-2025-40796

8.7HIGH

What is CVE-2025-40796?

An out-of-bounds read vulnerability has been discovered in SIMATIC PCS neo versions and its User Management Component. This flaw may permit an unauthenticated remote attacker to exploit the affected system, leading to a potential denial of service scenario. Addressing this vulnerability is crucial to maintaining system integrity and availability.

Affected Version(s)

SIMATIC PCS neo V4.1 0

SIMATIC PCS neo V5.0 0

User Management Component (UMC) 0

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.