PatchSiren cyber security CVE debrief
CVE-2025-40566 Siemens CVE debrief
CVE-2025-40566 is a high-severity Siemens SIMATIC PCS neo vulnerability in which user sessions are not correctly invalidated on logout. If an attacker has already obtained a valid session token by other means, they may be able to reuse that session after the legitimate user logs out. Siemens and CISA published the advisory on 2025-05-13, and vendor updates are available for the affected product lines.
- Vendor: Siemens
- Product: SIMATIC PCS neo V4.1 and V5.0
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2025-05-13
- Advisory published: 2025-05-13
- Advisory updated: 2025-05-13
Who should care
Organizations running Siemens SIMATIC PCS neo V4.1 or V5.0, especially industrial and OT environments where authenticated user sessions protect operational interfaces. Security teams, OT administrators, and identity/access management owners should prioritize review and remediation.
Technical summary
The issue is a session invalidation failure: logout does not reliably revoke an active user session. The advisory states that a remote unauthenticated attacker who has obtained the session token by other means could continue to use a legitimate user's session even after logout. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, with a CVSS score of 8.8 (High). Affected products listed in the source are Siemens SIMATIC PCS neo V4.1 and V5.0.
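To make the weakness concrete, the following added example (constructed for this debrief, not Siemens code; all class and function names are assumptions) models a minimal server-side session store. The weak logout only instructs the client to drop its cookie and leaves the server-side record alive until its TTL expires, so a copy of the token obtained elsewhere keeps working. The hardened logout revokes the record on the server. A replay helper performs the check a tester would run: log in, keep a copy of the token, log out, and try the copy again.

```python
"""Added illustration of logout that fails to invalidate the server-side session.
Constructed example, not the vendor's implementation; names are assumptions."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: str
    created: float
    expires: float


@dataclass
class SessionStore:
    ttl: float = 3600.0
    _sessions: Dict[str, Session] = field(default_factory=dict)

    def login(self, user: str) -> str:
        """Issue a random, unguessable token and record the session server-side."""
        token = secrets.token_urlsafe(32)
        now = time.time()
        self._sessions[token] = Session(user, now, now + self.ttl)
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Return the user bound to a live token, or None if unknown or expired."""
        s = self._sessions.get(token)
        if s is None or time.time() >= s.expires:
            self._sessions.pop(token, None)
            return None
        return s.user

    def logout_vulnerable(self, token: str) -> Dict[str, str]:
        # Weak pattern: only the client is told to discard its cookie.
        # The server-side record is untouched, so any other copy of the
        # token remains valid until the TTL runs out.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_fixed(self, token: str) -> Dict[str, str]:
        # Hardened pattern: revoke the server-side record first, so every
        # copy of the token is rejected immediately, then clear the cookie.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def token_survives_logout(store: SessionStore, logout: Callable[[str], Dict[str, str]]) -> bool:
    """Replay check: the captured copy stands in for a token 'obtained by other means'.
    Returns True when the copy still authenticates after logout (the weakness)."""
    token = store.login("operator")
    captured_copy = token
    if store.authenticate(token) != "operator":
        raise RuntimeError("session should be valid before logout")
    logout(token)
    return store.authenticate(captured_copy) is not None


if __name__ == "__main__":
    weak, fixed = SessionStore(), SessionStore()
    print("weak logout, token reusable:", token_survives_logout(weak, weak.logout_vulnerable))
    print("fixed logout, token reusable:", token_survives_logout(fixed, fixed.logout_fixed))
```

The same replay check, run against a real deployment with a browser session and a second client holding the copied cookie, is the practical way to confirm that the vendor update actually closed the gap.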
Defensive priority
High. The issue is publicly disclosed, rated High, affects OT software, and has vendor-provided fixes. Even though token theft is a prerequisite, the impact of session reuse after logout can be significant in environments where sessions grant operational access.
Recommended defensive actions
- Update Siemens SIMATIC PCS neo V4.1 to Update 3 or later.
- Update Siemens SIMATIC PCS neo V5.0 to Update 1 or later.
- Verify that logout and session timeout behavior works as expected in your environment after upgrading.
- Review access controls and session-handling practices for OT web applications and operator interfaces.
- Monitor for suspicious session reuse or access that persists beyond expected logout events.
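One way to operationalize the last item, as an added example rather than anything from the advisory: correlate logout events with later requests on the same session identifier. The log format below is constructed for the example and is not the PCS neo audit format; the parser would need adapting to whatever the deployment actually emits, and the function names are assumptions.

```python
"""Added detection example: flag requests that continue on a session ID after
that session's logout. Log lines and format are constructed for illustration."""
import re
from typing import Dict, Iterable, Iterator, List

# Constructed line format: "<ts> user=<u> sid=<id> event=<login|request|logout> [path=<p>]"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) sid=(?P<sid>\S+) "
    r"event=(?P<event>\S+)(?: path=(?P<path>\S+))?$"
)

# Constructed sample: S1 logs out at 10:05 but keeps issuing requests afterwards.
SAMPLE_LOG = """\
2025-05-13T10:00:01Z user=operator1 sid=S1 event=login
2025-05-13T10:00:05Z user=operator1 sid=S1 event=request path=/hmi/overview
2025-05-13T10:05:00Z user=operator1 sid=S1 event=logout
2025-05-13T10:06:10Z user=operator1 sid=S1 event=request path=/hmi/setpoint
2025-05-13T10:06:11Z user=operator1 sid=S1 event=request path=/hmi/ack-alarm
2025-05-13T10:07:00Z user=engineer2 sid=S2 event=login
2025-05-13T10:08:00Z user=engineer2 sid=S2 event=request path=/hmi/overview
2025-05-13T10:09:00Z user=engineer2 sid=S2 event=logout
"""


def parse(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed line; silently skip lines that do not match."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def find_post_logout_reuse(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per request whose session ID had already logged out.

    Assumes lines are in time order; sort by the ts field first if they are not.
    A fresh login on the same ID is treated as re-legitimizing it."""
    logged_out: Dict[str, str] = {}  # sid -> timestamp of its logout
    hits: List[Dict[str, str]] = []
    for rec in parse(lines):
        sid, event = rec["sid"], rec["event"]
        if event == "logout":
            logged_out[sid] = rec["ts"]
        elif event == "login":
            logged_out.pop(sid, None)
        elif event == "request" and sid in logged_out:
            hits.append({
                "ts": rec["ts"],
                "user": rec["user"],
                "sid": sid,
                "path": rec["path"] or "",
                "logged_out_at": logged_out[sid],
            })
    return hits


if __name__ == "__main__":
    for h in find_post_logout_reuse(SAMPLE_LOG.splitlines()):
        print(f"{h['ts']} sid={h['sid']} user={h['user']} path={h['path']} "
              f"(logged out at {h['logged_out_at']})")
```

Before the fix is deployed this rule will also fire on legitimate activity if a user's own client keeps polling after logout, so tune on the path or on the source address of the post-logout requests; after the fix, any hit indicates either a logging gap or a real problem.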
Evidence notes
All core statements are taken from the supplied CISA CSAF source item and its listed Siemens references. The source identifies the affected products, the logout/session invalidation weakness, the potential for session reuse after logout, the CVSS score/vector, and the vendor remediation versions. The timeline fields supplied with the corpus show publication and modification on 2025-05-13. No KEV listing or ransomware association was provided in the corpus.
Official resources
- CVE-2025-40566 CVE record (CVE.org)
- CVE-2025-40566 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in a Siemens/CISA advisory published on 2025-05-13.