Lucene search

SiemensCVELIST:CVE-2023-46096

HistoryNov 14, 2023 - 11:04 a.m.

CVE-2023-46096

2023-11-1411:04:17

CWE-306

siemens

www.cve.org

simatic pcs neo

vulnerability

pud manager

authentication

web service

unauthenticated attacker

privileged token

document upload

cve-2023-46096

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo",
    "versions": [
      {
        "version": "All versions < V4.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2023-46096