Siemens SIMATIC PCS
Plan Patch · 8.8 · ICS-CERT ICSA-25-135-12 · May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
SIMATIC PCS neo V4.1 and V5.0 do not correctly invalidate user sessions upon logout. A remote attacker who has obtained a session token through other means can re-use that token to access the system and execute commands as the legitimate user, even after the user has logged out. This occurs because the system does not properly clear or invalidate the session credentials when a user logs out.
What this means
What could happen
An attacker who obtains a session token could maintain access to SIMATIC PCS neo and run commands on the system even after the legitimate user logs out, potentially altering process parameters or disrupting production control.
Who's at risk
Owners and operators of SIMATIC PCS neo systems used for process control in manufacturing, chemical, power generation, and water/wastewater facilities should be aware of this vulnerability. PCS neo is a control system software platform; the vulnerability affects the web-based engineering and monitoring interface.
How it could be exploited
An attacker first obtains a valid session token (through phishing, MITM attack, or other means). The attacker then sends requests to SIMATIC PCS neo using that token after the legitimate user has logged out. Because the system does not invalidate sessions on logout, the attacker's requests are processed as if from an authenticated user.
Prerequisites
- Network access to SIMATIC PCS neo HTTP/HTTPS interface
- Valid session token obtained by other means (e.g., credential theft, network interception, phishing)
- Attacker does not need credentials if token is already obtained
- remotely exploitable
- no authentication required once session token is obtained
- low complexity
- affects control system availability and integrity
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC PCS neo V4.1 | <V4.1 Update 3 | 4.1 Update 3 |
| SIMATIC PCS neo V5.0 | <V5.0 Update 1 | 5.0 Update 1 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SIMATIC PCS neo to authorized engineering stations only using firewall rules or network segmentation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS neo V4.1
HOTFIX: Update SIMATIC PCS neo V4.1 to V4.1 Update 3 or later
SIMATIC PCS neo V5.0
HOTFIX: Update SIMATIC PCS neo V5.0 to V5.0 Update 1 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate SIMATIC PCS neo from untrusted networks and enforce defense-in-depth practices per Siemens operational guidelines
CVEs (1)