History: Dec 12, 2023 - 11:27 a.m.

CVE-2023-46281

2023-12-12 11:27:11
CWE-942
siemens
www.cve.org
security vulnerability
opcenter quality
simatic pcs neo
sinec nms
tia portal
cors policy
attacker

CVSS3: 7.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C

AI Score: 8.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 33.3%)

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user into triggering unwanted behavior.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Opcenter Quality",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2312",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SINEC NMS",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.0 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V14",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V16",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V17",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V17 Update 7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V18",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V18 Update 3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
