Vulnerabilities > CVE-2023-46096 - Unspecified vulnerability in Siemens Simatic PCS NEO 3.0/3.1/4.0

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

siemens

NVD

Published: 2023-11-14

Updated: 2024-11-21

Summary

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS NEO - Siemens Simatic PCS NEO 3.0 Siemens Simatic PCS NEO 3.1 Siemens Simatic PCS NEO 4.0	5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf