{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T15:53:23.566","vulnerabilities":[{"cve":{"id":"CVE-2025-40566","sourceIdentifier":"productcert@siemens.com","published":"2025-05-13T10:15:26.183","lastModified":"2025-08-22T20:28:42.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en SIMATIC PCS neo V4.1 (todas las versiones anteriores a V4.1 Update 3) y SIMATIC PCS neo V5.0 (todas las versiones anteriores a V5.0 Update 1). Los productos afectados no invalidan correctamente las sesiones de usuario al cerrar sesión. Esto podría permitir que un atacante remoto no autenticado, que haya obtenido el token de sesión por otros medios, reutilice la sesión de un usuario legítimo incluso después de cerrar sesión."}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1","matchCriteriaId":"96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_pcs_neo:*:-:*:*:*:*:*:*","versionEndExcluding":"5.0","matchCriteriaId":"4BCD89FF-30E1-4897-83AA-1A4EC6B418AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_1:*:*:*:*:*:*","matchCriteriaId":"74AEFD20-9CE4-4D7B-B9C1-177223063436"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_pcs_neo:4.1:update_2:*:*:*:*:*:*","matchCriteriaId":"C6DA7272-EC78-4B88-B436-68698C59E19C"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:-:*:*:*:*:*:*","matchCriteriaId":"668E36C2-18CA-4584-BED9-5E0F7073FF0E"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-339086.html","source":"productcert@siemens.com","tags":["Vendor Advisory"]}]}}]}