Out-of-Bounds Read Vulnerability in SIMATIC PCS neo and User Management Component
CVE-2025-40796
8.7HIGH
Key Information:
- Vendor
Siemens
- Vendor
- CVE Published:
- 9 September 2025
What is CVE-2025-40796?
An out-of-bounds read vulnerability has been discovered in SIMATIC PCS neo versions and its User Management Component. This flaw may permit an unauthenticated remote attacker to exploit the affected system, leading to a potential denial of service scenario. Addressing this vulnerability is crucial to maintaining system integrity and availability.
Affected Version(s)
SIMATIC PCS neo V4.1 0
SIMATIC PCS neo V5.0 0
User Management Component (UMC) 0