CVE-2025-40797

7.5 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in the User Management Component (UMC) of SIMATIC PCS neo industrial control systems allows unauthenticated remote attackers to cause denial of service. This affects all versions of SIMATIC PCS neo V4.1, V5.0, and V6.0 with UMC versions below V2.15.1.3. Organizations using these industrial control systems in manufacturing, energy, or critical infrastructure are at risk.

💻 Affected Systems

Products:
  • SIMATIC PCS neo V4.1
  • SIMATIC PCS neo V5.0
  • SIMATIC PCS neo V6.0
  • User Management Component (UMC)
Versions: All versions of SIMATIC PCS neo V4.1, V5.0, V6.0 with UMC versions < V2.15.1.3
Operating Systems: Windows-based industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the integrated UMC component across all listed SIMATIC PCS neo versions.

📦 What is this software?

SIMATIC PCS neo is Siemens' web-based distributed control system (DCS) for process plants. The User Management Component (UMC) is the Siemens component that provides central user, group and role management for PCS neo (it is also used by other Siemens engineering products); operator and engineering logins to PCS neo depend on it, which is why a crash of the UMC service affects the whole system rather than one account.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Repeated crashes of the UMC service leave operators and engineers unable to log in or to change user rights on PCS neo, causing production downtime or process interruption while the service and its dependent components are recovered.

🟠 Likely Case

A single crash of the UMC service: loss of user management functionality (logins, role and permission changes) until the service is restarted, with possible instability in PCS neo components that depend on UMC.

🟢 If Mitigated

Minimal impact where network segmentation and access controls restrict reachability of the UMC service to trusted engineering hosts.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation allows attackers to target exposed systems directly.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated remote exploitation lowers the barrier for attackers, though specific exploit details are not publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UMC V2.15.1.3

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-722410.html

Restart Required: Yes

Instructions:

1. Download UMC V2.15.1.3 from the Siemens support portal.
2. Back up the current configuration.
3. Install the update following the Siemens documentation.
4. Restart the affected systems.
5. Verify that the update was applied.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Isolate SIMATIC PCS neo systems from untrusted networks using firewalls and VLANs.

Access Control Lists

Applies to: all affected versions

Implement strict network access controls to limit connections to SIMATIC PCS neo systems, in particular to the ports the UMC service listens on.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from untrusted networks
  • Deploy intrusion detection systems to monitor for exploitation attempts and anomalous traffic

🔍 How to Verify

Check if Vulnerable:

A system is vulnerable if it runs SIMATIC PCS neo V4.1, V5.0 or V6.0 and its installed UMC version is below V2.15.1.3. Read the UMC version from the SIMATIC PCS neo administration interface or the Siemens diagnostic tools.

Check Version:

Read the UMC version via the SIMATIC PCS neo administration console or the Siemens diagnostic utilities for the platform, and compare it against V2.15.1.3 component by component, numerically (2.15.1.10 is newer than 2.15.1.3; a plain string comparison gets this wrong).

Verify Fix Applied:

After the restart, verify that the UMC version shown in the system administration interface is V2.15.1.3 or higher and that the UMC service is running.
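The version comparison above is easy to get wrong by hand across a fleet, so here is an added example (not Siemens tooling and not code from this page) that decides per host whether the CVE-2025-40797 fix is present. The affected PCS neo branches and the fixed UMC version are the ones stated in this advisory; how the UMC version string is read from a host is outside the script, and the inventory at the bottom is constructed.

```python
"""Decide whether a SIMATIC PCS neo host is affected by CVE-2025-40797
from its PCS neo branch and the installed UMC version string.

Added example, not Siemens tooling. The affected branches and the
fixed UMC version come from this advisory; reading the UMC version
(administration console, Siemens diagnostic utilities) is outside
the script, and the inventory at the bottom is constructed.
"""
import re
from typing import Dict, List, Tuple

FIXED_UMC_VERSION = "V2.15.1.3"
AFFECTED_PCS_NEO_BRANCHES = ("V4.1", "V5.0", "V6.0")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted number from 'V2.15.1.3', 'UMC 2.15.1' or
    'V6.0 Update 1' as a tuple of ints.

    Tuples of ints compare numerically, so (2, 15, 1, 10) > (2, 15, 1, 3);
    comparing the raw strings would rank '2.15.1.10' below '2.15.1.3'.
    """
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def padded(version: Tuple[int, ...], width: int = 4) -> Tuple[int, ...]:
    """Right-pad with zeros so '2.15.1' compares as 2.15.1.0."""
    return version + (0,) * (width - len(version))


def pcs_neo_branch(pcs_neo_version: str) -> str:
    """Reduce '5.0 Update 2' or 'V6.0.1' to the 'Vmajor.minor' branch the advisory lists."""
    major, minor = padded(parse_version(pcs_neo_version), 2)[:2]
    return f"V{major}.{minor}"


def umc_is_fixed(umc_version: str) -> bool:
    """True when the installed UMC is V2.15.1.3 or newer."""
    return padded(parse_version(umc_version)) >= padded(parse_version(FIXED_UMC_VERSION))


def is_vulnerable(pcs_neo_version: str, umc_version: str) -> bool:
    """Vulnerable when the PCS neo branch is one the advisory lists and
    the UMC release on the host is older than the fixed version."""
    if pcs_neo_branch(pcs_neo_version) not in AFFECTED_PCS_NEO_BRANCHES:
        return False
    return not umc_is_fixed(umc_version)


def hosts_needing_patch(inventory: List[Dict[str, str]]) -> List[str]:
    """Host names from an inventory of {host, pcs_neo, umc} records that
    still need the UMC V2.15.1.3 update."""
    return [rec["host"] for rec in inventory if is_vulnerable(rec["pcs_neo"], rec["umc"])]


# Constructed inventory for the example; these are not real hosts.
SAMPLE_INVENTORY = [
    {"host": "pcsneo-eng01", "pcs_neo": "V5.0", "umc": "V2.15.1.2"},
    {"host": "pcsneo-eng02", "pcs_neo": "V6.0 Update 1", "umc": "UMC 2.15.1"},
    {"host": "pcsneo-ops01", "pcs_neo": "V6.0", "umc": "V2.15.1.3"},
    {"host": "pcsneo-ops02", "pcs_neo": "V4.1", "umc": "2.15.1.10"},
]

if __name__ == "__main__":
    for rec in SAMPLE_INVENTORY:
        status = "PATCH" if is_vulnerable(rec["pcs_neo"], rec["umc"]) else "ok"
        print(f"{rec['host']:14} PCS neo {rec['pcs_neo']:14} UMC {rec['umc']:12} {status}")
```

Feed it the real product and UMC version strings read from each host; the numeric comparison is what matters, since a string comparison would report the hypothetical `2.15.1.10` as older than the fix.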

📡 Detection & Monitoring

Log Indicators:

  • UMC service crashes
  • Unusual connection attempts to UMC ports
  • System stability alerts

Network Indicators:

  • Unexpected traffic to UMC service ports
  • Connection attempts from untrusted sources

SIEM Query:

source="simatic-pcs" AND (event_type="service_crash" OR port=*UMC_port*)

This is a template, not a working search: replace *UMC_port* with the port(s) the UMC service listens on in your deployment, and adjust the source and field names to the way your SIEM ingests the PCS neo host and firewall logs. A UMC service crash that follows, within minutes, a connection to a UMC port from an address outside the engineering network is the combination worth alerting on; a crash on its own is a lower-confidence indicator.
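The correlation the query hints at, as an added example that is not Siemens or SIEM vendor content and not code from this page: it reads JSON-lines events, raises a medium alert for UMC-port connections from outside the trusted networks, and escalates a UMC service crash to high when such a connection precedes it within a short window. The sample events, host names, trusted subnet and the UMC port number are all constructed; the page gives no UMC port number, so `UMC_PORTS` must be set from your own deployment.

```python
"""Correlate UMC service crashes with inbound connections to the UMC
service, the two indicator classes listed for CVE-2025-40797.

Added example, not Siemens or SIEM vendor content. Events are JSON
lines with the fields used below (ts, host, event_type, src_ip,
dst_port, service). The sample events, host names, trusted subnet and
UMC port are constructed; set UMC_PORTS from your own deployment.
"""
import ipaddress
import json
from datetime import datetime, timedelta
from typing import Dict, List

TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # assumed engineering VLAN
UMC_PORTS = {4002}                                     # placeholder, not a documented UMC port
CRASH_WINDOW = timedelta(minutes=5)                    # look-back before a crash
UMC_SERVICE_HINTS = ("umc", "user management")         # service-name fragments treated as UMC

# Constructed events, not real logs. 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = """\
{"ts": "2025-11-12T07:50:00", "host": "pcsneo-srv01", "event_type": "connection", "src_ip": "10.10.5.20", "dst_port": 4002}
{"ts": "2025-11-12T08:01:10", "host": "pcsneo-srv01", "event_type": "connection", "src_ip": "203.0.113.45", "dst_port": 4002}
{"ts": "2025-11-12T08:01:12", "host": "pcsneo-srv01", "event_type": "service_crash", "service": "UMC Service", "message": "terminated unexpectedly"}
{"ts": "2025-11-12T08:30:00", "host": "pcsneo-srv01", "event_type": "connection", "src_ip": "10.10.5.21", "dst_port": 443}
{"ts": "2025-11-12T09:14:00", "host": "pcsneo-srv01", "event_type": "connection", "src_ip": "192.168.7.9", "dst_port": 8080}
{"ts": "2025-11-12T09:15:00", "host": "pcsneo-srv01", "event_type": "service_crash", "service": "User Management Component", "message": "terminated unexpectedly"}
"""


def parse_events(text: str) -> List[Dict]:
    """Parse JSON lines, converting timestamps and source addresses; returns events in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        if "src_ip" in ev:
            ev["src_ip"] = ipaddress.ip_address(ev["src_ip"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_trusted(ip, trusted=None) -> bool:
    """True when the address (string or ip_address object) lies in a trusted network."""
    nets = TRUSTED_NETS if trusted is None else trusted
    addr = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    return any(addr in net for net in nets)


def is_umc_service(name: str) -> bool:
    """Match the UMC service by name fragment, since exact display names vary by installation."""
    low = name.lower()
    return any(hint in low for hint in UMC_SERVICE_HINTS)


def analyze(events: List[Dict], umc_ports=UMC_PORTS, trusted=TRUSTED_NETS,
            window: timedelta = CRASH_WINDOW) -> List[Dict]:
    """Return alerts sorted by time.

    medium: connection to a UMC port from outside the trusted networks
    high:   UMC crash within `window` after such an untrusted connection
    medium: UMC crash preceded only by connections from trusted hosts
    low:    UMC crash with no preceding connection to a UMC port
    """
    alerts = []
    umc_conns = [e for e in events
                 if e["event_type"] == "connection" and e.get("dst_port") in umc_ports]
    for c in umc_conns:
        if not is_trusted(c["src_ip"], trusted):
            alerts.append({"severity": "medium", "ts": c["ts"], "host": c["host"],
                           "reason": f"connection to UMC port {c['dst_port']} from untrusted {c['src_ip']}"})
    for e in events:
        if e["event_type"] != "service_crash" or not is_umc_service(e.get("service", "")):
            continue
        recent = [c for c in umc_conns
                  if c["host"] == e["host"] and e["ts"] - window <= c["ts"] <= e["ts"]]
        untrusted = sorted({str(c["src_ip"]) for c in recent if not is_trusted(c["src_ip"], trusted)})
        if untrusted:
            sev, why = "high", f"'{e['service']}' crashed within {window} of connections from untrusted {', '.join(untrusted)}"
        elif recent:
            sev, why = "medium", f"'{e['service']}' crashed after connections from trusted hosts only; check those hosts"
        else:
            sev, why = "low", f"'{e['service']}' crashed with no preceding UMC connection in the window"
        alerts.append({"severity": sev, "ts": e["ts"], "host": e["host"], "reason": why})
    alerts.sort(key=lambda a: a["ts"])
    return alerts


def severity_counts(alerts: List[Dict]) -> Dict[str, int]:
    """Count alerts per severity for a quick triage summary."""
    return {sev: sum(1 for a in alerts if a["severity"] == sev) for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for a in analyze(parse_events(SAMPLE_EVENTS)):
        print(f"{a['ts']} {a['severity']:6} {a['host']} {a['reason']}")
```

Note what the sample deliberately contains: a trusted-host connection eleven minutes before the first crash, which falls outside the window and is ignored; an untrusted connection to a non-UMC port, which this rule does not cover; and a second crash with nothing before it, which is reported at low severity rather than dropped, because a crash loop from repeated exploitation may not show up as connections in the logs you happen to collect.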
