Vulnerabilities > Siemens > Simatic PCS NEO

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-46281 Overly Permissive Cross-domain Whitelist vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens CWE-942
8.8
8.8
2023-12-12 CVE-2023-46282 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens CWE-79
6.1
6.1
2023-12-12 CVE-2023-46283 Classic Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens CWE-120
7.5
7.5
2023-12-12 CVE-2023-46284 Out-of-bounds Write vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens CWE-787
7.5
7.5
2023-12-12 CVE-2023-46285 Unspecified vulnerability in Siemens products
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).
network
low complexity
siemens
7.5
7.5
2023-11-14 CVE-2023-46096 Missing Authentication for Critical Function vulnerability in Siemens Simatic PCS NEO 3.0/3.1/4.0
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).
low complexity
siemens CWE-306
6.5
6.5
2023-11-14 CVE-2023-46097 SQL Injection vulnerability in Siemens Simatic PCS NEO 3.0/3.1/4.0
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).
low complexity
siemens CWE-89
8.0
8.0
2023-11-14 CVE-2023-46098 Overly Permissive Cross-domain Whitelist vulnerability in Siemens Simatic PCS NEO 3.0/3.1/4.0
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).
network
low complexity
siemens CWE-942
8.8
8.8
2023-11-14 CVE-2023-46099 Cross-site Scripting vulnerability in Siemens Simatic PCS NEO 3.0/3.1/4.0
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).
network
low complexity
siemens CWE-79
4.8
4.8
2023-09-14 CVE-2023-38558 Exposure of Resource to Wrong Sphere vulnerability in Siemens Simatic PCS NEO 4.0
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions).
local
low complexity
siemens CWE-668
5.5
5.5