CVE-2023-46097
published 2023-11-14CVE-2023-46097: A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided…
high8CVSS 3.1
AVAACLPRLUINSUCHIHAH
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | < 4.1 | 4.1 |
| siemens | simatic_pcs_neo | — | — |