Lucene search

SiemensCVE-2023-46099

HistoryNov 14, 2023 - 11:15 a.m.

CVE-2023-46099

2023-11-1411:15:14

CWE-79

siemens

web.nvd.nist.gov

vulnerability

simatic pcs neo

stored xss

admin console

security

nvd

cve-2023-46099

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

AI Score

4.8

Confidence

High

EPSS

Percentile

14.0%

JSON

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.

Affected configurations

Nvd

Node

siemenssimatic_pcs_neoRange<4.1

VendorProductVersionCPE
siemenssimatic_pcs_neo*cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs_neo	*	cpe:2.3:a:siemens:simatic_pcs_neo::::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo",
    "versions": [
      {
        "version": "All versions < V4.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf