CVE-2023-46099: XSS
First published: Tue Nov 14 2023(Updated: )
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SIMATIC Process Control SYSTEM Neo | <4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-46099.
What is the severity of CVE-2023-46099?
The severity of CVE-2023-46099 is medium with a CVSS score of 5.4.
What is the affected software of CVE-2023-46099?
The affected software is Siemens Simatic PCS neo version up to exclusive 4.1.
How does CVE-2023-46099 impact the affected product?
CVE-2023-46099 allows an attacker with high privileges to inject JavaScript code into the Administration Console of Siemens Simatic PCS neo, leading to a stored cross-site scripting vulnerability.
Is there a fix available for CVE-2023-46099?
Siemens has released a security advisory with recommendations to mitigate the vulnerability. Please refer to the Siemens product CERT portal for more information.
- agent/event
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens simatic process control system neo