CVE-2023-46096
First published: Tue Nov 14 2023(Updated: )
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Pcs Neo | <4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-46096.
What is the affected software?
The affected software is Siemens Simatic PCS neo versions up to exclusive 4.1.
What is the severity of CVE-2023-46096?
The severity of CVE-2023-46096 is medium with a CVSS score of 6.5.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-306.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to upgrade Siemens Simatic PCS neo to version 4.1 or higher.
- collector/nvd-api
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic pcs neo