CVE-2023-46098
published 2023-11-14CVE-2023-46098: A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_pcs_neo | < 4.1 | 4.1 |
| siemens | simatic_pcs_neo | — | — |