CVE Catalog

CVE-2025-40795

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.37%

59th percentile - higher than 59% of all known CVEs

Summary

A vulnerability has been identified in SIMATIC PCS neo versions 4.1, 5.0, and 6.0 (all versions below V6.0 SP1 Update 1) and in the User Management Component (UMC) (all versions below V2.15.1.3). This vulnerability involves a stack-based buffer overflow in the integrated UMC component, which could allow an unauthenticated remote attacker to execute arbitrary code or cause a denial of service condition.

Risk Assessment

The organization is at risk of malicious code execution by an attacker, which could lead to serious consequences, including data loss and system downtime.

Recommendation

It is recommended to update to the latest versions of SIMATIC PCS neo and UMC to mitigate this vulnerability. Additionally, appropriate security measures should be implemented to restrict access to the system.

Original NVD description (English source)

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS