Lucene search

SiemensCVE-2023-46096

HistoryNov 14, 2023 - 11:15 a.m.

CVE-2023-46096

2023-11-1411:15:14

CWE-306

siemens

web.nvd.nist.gov

simatic pcs neo

vulnerability

unauthenticated

privileged token

document upload

security issue

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

15.5%

JSON

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.

Affected configurations

Nvd

Node

siemenssimatic_pcs_neoRange<4.1

VendorProductVersionCPE
siemenssimatic_pcs_neo*cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs_neo	*	cpe:2.3:a:siemens:simatic_pcs_neo::::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo",
    "versions": [
      {
        "version": "All versions < V4.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2023-46096