Improper Authentication in SIMATIC PCS neo by Siemens
CVE-2023-46096
6.5 MEDIUM
Summary
A security issue has been detected in SIMATIC PCS neo: the PUD Manager web service does not properly authenticate users. This may allow an unauthorized attacker on the adjacent network to generate a privileged token, which could then be used to upload additional documents without the necessary permissions. The issue underlines the importance of robust authentication measures to protect against unauthorized access and potential data breaches.
Affected Version(s)
SIMATIC PCS neo: All versions < V4.1
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved