EUVD-2025-27239

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Out-of-bounds read in User Management Component enables unauthenticated remote denial of service in SIMATIC PCS neo.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-40796	9 Sep 202511:08	–	circl
CNNVD	Siemens SIMATIC PCS neo和Siemens User Management Component 缓冲区错误漏洞	9 Sep 202500:00	–	cnnvd
CVE	CVE-2025-40796	9 Sep 202508:48	–	cve
Cvelist	CVE-2025-40796	9 Sep 202508:48	–	cvelist
NCSC	Vulnerabilities fixed in Siemens products	9 Sep 202511:06	–	ncsc
NVD	CVE-2025-40796	9 Sep 202509:15	–	nvd
Positive Technologies	PT-2025-36682	9 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-40796	11 Sep 202509:20	–	redhatcve
Vulnrichment	CVE-2025-40796	9 Sep 202508:48	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "4b0b0073-12b8-397e-9332-efa0c19b211a",
        "vendor": {
          "name": "Siemens"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1d010647-fe8a-3dc3-9521-7ce568cfd8de",
        "product": {
          "name": "SIMATIC PCS neo V5.0"
        },
        "product_version": "0 <*"
      },
      {
        "id": "604e2a3a-1564-36c3-ba7f-52e63a0f885d",
        "product": {
          "name": "SIMATIC PCS neo V4.1"
        },
        "product_version": "0 <*"
      },
      {
        "id": "a7c43161-ebeb-3e79-b419-797315b28001",
        "product": {
          "name": "User Management Component (UMC)"
        },
        "product_version": "0 <V2.15.1.3"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-722410.html

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.5

CVSS 48.7

EPSS0.00154

SSVC