Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-46282
HistoryDec 12, 2023 - 12:15 p.m.

CVE-2023-46282

2023-12-1212:15:13
CWE-79
[email protected]
web.nvd.nist.gov
cve-2023-46282
opcenter quality
simatic pcs neo
sinec nms
cross-site scripting
privileged user

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

Affected configurations

NVD
Node
siemensopcenter_qualityMatch-
OR
siemenssimatic_pcs_neoRange<4.1
OR
siemenssinumerik_integrate_runmyhmi_\/automotiveMatch-
OR
siemenstotally_integrated_automation_portalRange14.015
OR
siemenstotally_integrated_automation_portalRange1516
OR
siemenstotally_integrated_automation_portalRange1617
OR
siemenstotally_integrated_automation_portalRange1718
OR
siemenstotally_integrated_automation_portalMatch-
OR
siemenstotally_integrated_automation_portalMatch18
OR
siemenstotally_integrated_automation_portalMatch18update_1

Related

cnvd 1
cvelist 1
prion 1
cve 1
ics 1
cnvd
cnvd
Siemens User Management Component (UMC) Cross-Site Scripting Vulnerability
2023-12-13 00:00:00
cvelist
cvelist
CVE-2023-46282
2023-12-12 11:27:13
prion
prion
Cross site scripting
2023-12-12 12:15:00
cve
cve
CVE-2023-46282
2023-12-12 12:15:13
ics
ics
Siemens User Management Component (UMC)
2023-12-14 12:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for NVD:CVE-2023-46282
cnvd1cvelist1prion1cve1ics1