CVE-2023-46099: Cross-site Scripting in Siemens Simatic PCS NEO

Severity
4.8 MEDIUM (NVD)
5.4 (CNA)
EPSS
0.1% (top 72.07%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 14

Description

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: siemens/simatic_pcs_neo, All versions < V4.1


Vulnerability Details (2)

GHSA
GHSA-mhhf-5vm4-7jg8: A vulnerability has been identified in SIMATIC PCS neo (All versions < V4… (2023-11-14)
CVEList
CVE-2023-46099: A vulnerability has been identified in SIMATIC PCS neo (All versions < V4… (2023-11-14)