Main Vulnerability Database Vulnerabilities #VU83179

#VU83179 Overly permissive cross-domain whitelist in SIMATIC PCS neo - CVE-2023-46098

Published: November 15, 2023

Vulnerability identifier: #VU83179

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-46098

CWE-ID: CWE-942

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
SIMATIC PCS neo

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request when accessing the Information Server. A remote attacker on the local network can trick a victim to trigger unwanted behavior

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

#VU83179 Overly permissive cross-domain whitelist in SIMATIC PCS neo - CVE-2023-46098

Description

Remediation

External links

Please verify you're human