CVE-2023-46096
published 2023-11-14CVE-2023-46096: A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the…
medium6.5CVSS 3.1
AVAACLPRNUINSUCNIHAN
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | < 4.1 | 4.1 |
| siemens | simatic_pcs_neo | — | — |