What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-38558.

What is the severity of CVE-2023-38558?

The severity of CVE-2023-38558 is medium, with a severity value of 5.5.

What software is affected by CVE-2023-38558?

SIMATIC PCS neo (Administration Console) V4.0 and SIMATIC PCS neo (Administration Console) V4.0 Update 1 are affected by CVE-2023-38558.

How does the vulnerability in SIMATIC PCS neo (Administration Console) V4.0 work?

The vulnerability in SIMATIC PCS neo (Administration Console) V4.0 leaks Windows admin credentials, allowing an attacker with local access to the Administration Console to obtain them.

How can I fix CVE-2023-38558?

To fix CVE-2023-38558, it is recommended to apply the necessary patches and updates provided by Siemens.

Vulnerability/
CVE-2023-38558

medium

5.5

CWE

668 538

14/9/2023

27/2/2025

CVE-2023-38558

First published: Thu Sep 14 2023(Updated: )

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens SIMATIC Process Control SYSTEM Neo	=4.0
Siemens SIMATIC Process Control SYSTEM Neo	=4.0-update_1

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-38558.
What is the title of this vulnerability?
The title of this vulnerability is 'A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions)'.
What is the severity of CVE-2023-38558?
The severity of CVE-2023-38558 is medium, with a severity value of 5.5.
What software is affected by CVE-2023-38558?
SIMATIC PCS neo (Administration Console) V4.0 and SIMATIC PCS neo (Administration Console) V4.0 Update 1 are affected by CVE-2023-38558.
How does the vulnerability in SIMATIC PCS neo (Administration Console) V4.0 work?
The vulnerability in SIMATIC PCS neo (Administration Console) V4.0 leaks Windows admin credentials, allowing an attacker with local access to the Administration Console to obtain them.
How can I fix CVE-2023-38558?
To fix CVE-2023-38558, it is recommended to apply the necessary patches and updates provided by Siemens.

agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
vendor/siemens
canonical/siemens simatic process control system neo
version/siemens simatic process control system neo/4.0
version/siemens simatic process control system neo/4.0-update_1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.