CVE-2023-46285Improper Input Validation in Siemens Opcenter Execution Foundation

CWE-20Improper Input Validation5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 56.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Siemens Opcenter Execution FoundationSiemens Opcenter QualitySiemens Simatic PCS NEO+7 more
Timeline
PublishedDec 12

Description

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Upda

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-84mm-xgw8-mv4q: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V42023-12-12
CVEList
CVE-2023-46285: A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo2023-12-12

📋Vendor Advisories

2
BSD
OpenBSD 7.2 Errata 014: SECURITY FIX2023-01-17
BSD
OpenBSD 7.1 Errata 019: SECURITY FIX2023-01-17
CVE-2023-46285 — Improper Input Validation in Siemens | cvebase