CVE-2025-40566

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-339086.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:simatic_pcs_neo::::::::
	cpe:2.3:a:siemens:simatic_pcs_neo::-::::::*
	cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_1::::::
	cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_2::::::
	cpe:2.3:a:siemens:simatic_pcs_neo:5.0:-::::::

History

No history.

Information

Published : 2025-05-13 10:15

Updated : 2025-08-22 20:28

NVD link : CVE-2025-40566

Mitre link : CVE-2025-40566

CVE.ORG link : CVE-2025-40566

JSON object : View

Products Affected

siemens

simatic_pcs_neo

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-40566", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-13T10:15:26.183", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-339086.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo V4.1 (todas las versiones anteriores a V4.1 Update 3) y SIMATIC PCS neo V5.0 (todas las versiones anteriores a V5.0 Update 1). Los productos afectados no invalidan correctamente las sesiones de usuario al cerrar sesi\u00f3n. Esto podr\u00eda permitir que un atacante remoto no autenticado, que haya obtenido el token de sesi\u00f3n por otros medios, reutilice la sesi\u00f3n de un usuario leg\u00edtimo incluso despu\u00e9s de cerrar sesi\u00f3n."}], "lastModified": "2025-08-22T20:28:42.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA", "versionEndExcluding": "4.1"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BCD89FF-30E1-4897-83AA-1A4EC6B418AE", "versionEndExcluding": "5.0"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74AEFD20-9CE4-4D7B-B9C1-177223063436"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6DA7272-EC78-4B88-B436-68698C59E19C"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:5.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "668E36C2-18CA-4584-BED9-5E0F7073FF0E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}