CVE-2023-38558

🗓️ 14 Sep 2023 10:39:29Reported by siemensType

A vulnerability in SIMATIC PCS neo (Administration Console) V4.0 & V4.0 Update 1 leaks Windows admin credentials, allowing an attacker to gain admin access to other systems

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the administration console of the SIMATIC PCS neo web-based system for managing technological processes allows a hacker to obtain the administrator’s Windows account credentials.	17 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-38558	14 Sep 202314:39	–	circl
CNNVD	Siemens SIMATIC 安全漏洞	14 Sep 202300:00	–	cnnvd
CNVD	Siemens SIMATIC PCS neo (Administration Console) Information Disclosure Vulnerability	15 Sep 202300:00	–	cnvd
CVE	CVE-2023-38558	14 Sep 202310:39	–	cve
EUVD	EUVD-2023-42357	3 Oct 202520:07	–	euvd
ICS	Siemens SIMATIC PCS neo Administration Console	14 Sep 202300:00	–	ics
NVD	CVE-2023-38558	14 Sep 202311:15	–	nvd
OSV	CVE-2023-38558	14 Sep 202311:15	–	osv
Prion	Design/Logic Flaw	14 Sep 202311:15	–	prion

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo (Administration Console) V4.0",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo (Administration Console) V4.0 Update 1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

14 Sep 2023 10:39Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.5

EPSS0.00166

CWE-538