Vulnerability identifier: #VU83179
Vulnerability risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-942
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
SIMATIC PCS neo
Web applications / Other software
Vendor:
Description
The vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header supplied within an HTTP request when accessing the Information Server. A remote attacker on the local network can trick a victim into triggering unwanted behavior.
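As an added illustration (not Siemens' code; the Information Server implementation is not shown on this page), the pattern CWE-942 describes, in Python: a handler that reflects any "Origin" value beside one that checks an exact allowlist, plus a small check a test suite can run against responses. The allowlist entries are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of origins permitted to read API responses
# (an assumption for this example, not a real product setting).
ALLOWED_ORIGINS = frozenset({
    "https://infoserver.example.internal",
    "https://infoserver.example.internal:8443",
})


def cors_headers_weak(origin):
    """Weak handling (CWE-942): echo whatever Origin the browser sent.
    Any site a victim visits can then read credentialed responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_strict(origin):
    """Hardened handling: emit CORS headers only for a well-formed origin
    that exactly matches the allowlist; otherwise emit none."""
    if origin is None:
        return {}
    parts = urlsplit(origin)
    # A serialized Origin is scheme://host[:port] with nothing else.
    if (parts.scheme != "https" or not parts.netloc or "@" in parts.netloc
            or parts.path or parts.query or parts.fragment):
        return {}
    if origin not in ALLOWED_ORIGINS:  # exact match, no prefix/suffix logic
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep shared caches from serving one origin's answer to another
    }


def reflects_untrusted_origin(origin, response_headers):
    """Regression check: True if a response grants a non-allowlisted
    origin credentialed access (the weak behaviour above)."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    creds = response_headers.get("Access-Control-Allow-Credentials") == "true"
    return acao == origin and creds and origin not in ALLOWED_ORIGINS
```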
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.