CVE-2023-46281

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
siemensCNA
7.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
siemensopcenter_quality
-
siemenssimatic_pcs_neo
𝑥
< 4.1
siemenssinumerik_integrate_runmyhmi_\/automotive
-
siemenstotally_integrated_automation_portal
14.0 ≤
𝑥
< 15
siemenstotally_integrated_automation_portal
15 ≤
𝑥
< 16
siemenstotally_integrated_automation_portal
16 ≤
𝑥
< 17
siemenstotally_integrated_automation_portal
17 ≤
𝑥
< 18
siemenstotally_integrated_automation_portal
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemensopcenter_execution_foundation
𝑥
< 2407
CNA
siemensopcenter_execution_foundation
𝑥
< 2312
CNA
siemensopcenter_execution_foundation
𝑥
< 4.1
CNA
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf