Emerging Threats in Siemens SIMATIC PCS neo: Insufficient Session Expiration Vulnerability
Recent developments in cybersecurity have highlighted a critical vulnerability in Siemens' SIMATIC PCS neo systems, which are widely used in critical manufacturing sectors globally. The vulnerability, identified as CVE-2025-40566, involves insufficient session expiration, allowing remote unauthenticated attackers to reuse session tokens even after a legitimate user has logged out. This flaw, with a CVSS v4 score of 8.7, poses a significant risk due to its low attack complexity and potential for remote exploitation.
The vulnerability affects all versions of SIMATIC PCS neo V4.1 prior to Update 3 and V5.0 prior to Update 1. Siemens has responded by releasing updates to address this issue and recommends that users upgrade to the latest versions to mitigate the risk. The vulnerability's impact is particularly concerning for critical infrastructure sectors, where operational disruptions could have severe consequences.
In the broader cybersecurity landscape, this incident underscores the importance of robust session management practices and the need for continuous monitoring and updating of industrial control systems (ICS). Organizations are encouraged to implement defense-in-depth strategies and adhere to best practices for ICS cybersecurity to protect against such vulnerabilities.
Threats and Vulnerabilities
The primary threat identified is the insufficient session expiration vulnerability in Siemens SIMATIC PCS neo systems. This flaw allows attackers to hijack user sessions by reusing session tokens, potentially leading to unauthorized access and control over critical systems. The vulnerability is particularly dangerous due to its remote exploitability and low complexity, making it accessible to a wide range of attackers.
The potential impact of this vulnerability is significant, especially in critical manufacturing sectors where Siemens' systems are extensively deployed. Unauthorized access could lead to operational disruptions, data breaches, and even physical damage if attackers manipulate system controls. While no public exploitation has been reported, the risk remains high due to the vulnerability's nature and the critical environments it affects.
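The control that addresses this class of flaw is server-side invalidation: a token must stop being honoured the moment the user logs out or the session times out, rather than relying on the client to discard it. The Python sketch below is an added illustration, not Siemens code and not a description of how PCS neo implements sessions; the timeout values and the `SessionStore` API are assumptions.

```python
import secrets
import time
from typing import Callable, Optional

IDLE_TIMEOUT = 15 * 60       # assumed value: seconds of inactivity before a session is dropped
ABSOLUTE_TIMEOUT = 8 * 3600  # assumed value: hard cap on session lifetime, active or not

class SessionStore:
    """Server-side registry: a token is valid only while its record exists here."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock                 # injectable so expiry can be tested
        self._sessions: dict = {}           # token -> {"user", "created", "last_seen"}

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # 256 random bits, unrelated to user data
        now = self._clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token: str) -> Optional[str]:
        # Returns the user bound to the token, or None if it is unknown or expired.
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_TIMEOUT:
            self._sessions.pop(token, None)  # expired: purge so it can never be reused
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token: str) -> None:
        # The control the advisory calls for: destroy the record on logout so the same
        # token is rejected no matter who presents it afterwards.
        self._sessions.pop(token, None)

def logout_then_replay():
    store = SessionStore()
    token = store.login("operator")
    before = store.validate(token)
    store.logout(token)
    return before, store.validate(token)    # expected: ("operator", None)

def idle_expiry() -> Optional[str]:
    now = [0.0]
    store = SessionStore(clock=lambda: now[0])
    token = store.login("operator")
    now[0] = IDLE_TIMEOUT + 1
    return store.validate(token)            # expected: None
```

`logout_then_replay` shows the behaviour a patched system should exhibit: the same token that was accepted before logout is rejected when replayed afterwards, and `idle_expiry` shows the timeout path with an injected clock.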
Client Impact
Clients using Siemens SIMATIC PCS neo systems may face operational disruptions if this vulnerability is exploited. Unauthorized access could result in data breaches, financial losses, and damage to reputation. Additionally, organizations may encounter regulatory compliance challenges if they fail to address this vulnerability promptly.
From a compliance perspective, failure to mitigate this vulnerability could lead to audits or penalties, particularly in industries subject to stringent cybersecurity regulations. Organizations must ensure they are aligned with relevant laws and standards to avoid potential legal repercussions.
Mitigations
To mitigate the risks associated with the identified vulnerability, clients should take the following actions:
- Update all affected Siemens SIMATIC PCS neo systems to V4.1 Update 3 or V5.0 Update 1 or later versions.
- Implement network access controls to restrict unauthorized access to devices.
- Configure IT environments according to Siemens' operational guidelines for industrial security.
- Conduct regular impact analysis and risk assessments before deploying defensive measures.
- Educate employees on recognizing and avoiding social engineering attacks, such as phishing.
- Monitor systems for suspicious activity and report any incidents to CISA for further analysis.
By taking these steps, organizations can significantly reduce the risk of exploitation and enhance their overall cybersecurity posture. Continuous monitoring and adherence to best practices are essential for maintaining robust defenses against emerging threats.
1898 & Co. Response
1898 & Co. is actively addressing the current threat landscape by offering solutions that help clients mitigate vulnerabilities like those found in Siemens SIMATIC PCS neo systems. Our services include comprehensive security assessments, system updates, and implementation of defense-in-depth strategies tailored to each client's unique environment.
We are enhancing our security protocols by incorporating the latest threat intelligence and collaborating with industry partners to stay ahead of emerging threats. Our ongoing research efforts focus on identifying potential vulnerabilities and developing effective mitigation strategies.
Through case studies and real-world examples, we demonstrate the effectiveness of our solutions in protecting critical infrastructure from cyber threats. Clients can rely on our expertise to navigate complex cybersecurity challenges and safeguard their operations against potential disruptions.