Vulnerabilities > Overly Permissive Cross-domain Whitelist

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-46281 Overly Permissive Cross-domain Whitelist vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens CWE-942
8.8
2023-11-14 CVE-2023-25603 Overly Permissive Cross-domain Whitelist vulnerability in Fortinet Fortiadc and Fortiddos-F
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.
network
low complexity
fortinet CWE-942
critical
9.1
2023-11-14 CVE-2023-46098 Overly Permissive Cross-domain Whitelist vulnerability in Siemens Simatic PCS NEO 3.0
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).
network
low complexity
siemens CWE-942
8.8