CVE-2023-46281
First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Opcenter Quality | ||
| Siemens SIMATIC PCS neo V4.0 | <4.1 | |
| Siemens SINUMERIK Integrate Run MyHMI/Automotive | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=14.0<15 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=15<16 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=16<17 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18-update_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-46281?
CVE-2023-46281 is classified as a high severity vulnerability due to the potential impact on affected software.
How do I fix CVE-2023-46281?
To fix CVE-2023-46281, update affected Siemens software to the latest versions as specified in security advisories.
What versions are affected by CVE-2023-46281?
CVE-2023-46281 affects all versions of Siemens Opcenter Execution Foundation (versions < V2407), Opcenter Quality (versions < V2312), SIMATIC PCS neo (versions < V4.1), and TIA Portal (all versions including V14 and subsequent versions up to V18).
What are the potential risks of CVE-2023-46281?
The potential risks of CVE-2023-46281 include unauthorized access and control over operational technology systems, which could lead to operational disruptions.
Is there a patch available for CVE-2023-46281?
Yes, Siemens has released patches for CVE-2023-46281 that users should apply to mitigate the vulnerability.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens opcenter quality
- canonical/siemens simatic pcs neo v4.0
- canonical/siemens sinumerik integrate run myhmi/automotive
- canonical/siemens totally integrated automation portal (tia portal)
- version/siemens totally integrated automation portal (tia portal)/14.0
- version/siemens totally integrated automation portal (tia portal)/15
- version/siemens totally integrated automation portal (tia portal)/16
- version/siemens totally integrated automation portal (tia portal)/17
- version/siemens totally integrated automation portal (tia portal)/18
- version/siemens totally integrated automation portal (tia portal)/18-update_1