Local Credential Exposure in SIMATIC PCS neo Administration Console by Siemens
CVE-2023-38558

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: SIMATIC PCS neo (Administration Console) V4.0; SIMATIC PCS neo (Administration Console) V4.0 Update 1
Vendor: CVE Published:; 14 September 2023

Summary

A vulnerability in the Administration Console of SIMATIC PCS neo versions exposes Windows administrator credentials to local attackers. This security flaw allows unauthorized personnel with local access to retrieve sensitive credential information, potentially enabling them to impersonate administrators and gain further access to Windows-based systems. Organizations using affected versions are advised to review their security practices and implement measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

SIMATIC PCS neo (Administration Console) V4.0 All versions

SIMATIC PCS neo (Administration Console) V4.0 Update 1 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-64624...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2023
Vulnerability Reserved
Jul 20, 2023