Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Oct 14, 2025

CVE-2025-40796

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Affected products

Siemens Foundation/Simatic Pcs7llm-fuzzy
Range: <= V4.1; V5.0; V6.0
Siemens Foundation/User Management Componentllm-fuzzy
Range: < V2.15.1.3
Siemens/SIMATIC PCS neo V4.1v5
Range: 0
Siemens/SIMATIC PCS neo V5.0v5
Range: 0
Siemens/SIMATIC PCS neo V6.0v5
Range: 0
Siemens/User Management Component (UMC)v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/html/ssa-722410.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000