Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SIMATIC PCS neo V4.1

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2024-54678
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIRIUS Soft Starter ES V20 (TIA Portal)SIMATIC STEP 7 V17SIRIUS Safety ES V20 (TIA Portal)SIMOTION SCOUT TIA V5.7SIMATIC PCS neo V6.0TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)TIA Portal Cloud V20SIMATIC STEP 7 V19SIMATIC PCS neo V4.1SINAMICS Startdrive V20SIRIUS Safety ES V19 (TIA Portal)SIMOCODE ES V19SIMOCODE ES V20SIMATIC WinCC V19SIMATIC STEP 7 V20TIA Portal Cloud V18SIMATIC S7-PLCSIM V17TIA Portal Test Suite V20SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMATIC WinCC V20SIMATIC PCS neo V5.0SIMOCODE ES V17SIMOCODE ES V18
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-40566
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.07% / 22.61%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-22 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

Action-Not Available
Vendor-Siemens AG
Product-simatic_pcs_neoSIMATIC PCS neo V5.0SIMATIC PCS neo V4.1
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-30176
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30175
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30174
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45386
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 28.82%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-11 Feb, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

Action-Not Available
Vendor-Siemens AG
Product-SIRIUS Safety ES V19 (TIA Portal)SIMOCODE ES V19SIMATIC PCS neo V4.0SIMATIC PCS neo V5.0TIA AdministratorSIMATIC PCS neo V4.1SIRIUS Soft Starter ES V19 (TIA Portal)
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-49775
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 64.29%
||
7 Day CHG+0.07%
Published-16 Dec, 2024 | 15:06
Updated-12 Mar, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter RDLTotally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V17Opcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V5.0SINEC NMSSIMATIC PCS neo V4.0Opcenter QualitySIMATIC PCS neo V4.1Opcenter Intelligence
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-33698
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.96% / 75.56%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter RDLSINEMA Remote Connect ClientTotally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V17Opcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V5.0SINEC NMSSIMATIC PCS neo V4.0Opcenter QualitySIMATIC PCS neo V4.1totally_integrated_automation_portalsimatic_pcs_neosimatic_information_server
CWE ID-CWE-122
Heap-based Buffer Overflow