CVE-2023-46099

Published: Nov 14, 2023Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.

Affected (1)

Products: Siemens: Simatic Pcs Neo

1 product

Simatic Pcs Neo

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Pcs Neo	Before 4.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.