CVE-2023-46282: XSS
First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Opcenter Quality | ||
| Siemens SIMATIC Process Control SYSTEM Neo | <4.1 | |
| Siemens SINUMERIK Integrate Run MyHMI/Automotive | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=14.0<15 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=15<16 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=16<17 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18-update_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-46282?
CVE-2023-46282 has been classified as a significant vulnerability affecting multiple Siemens products.
How do I fix CVE-2023-46282?
To remediate CVE-2023-46282, update all affected Siemens products to their latest versions as specified in vendor advisories.
Which Siemens products are affected by CVE-2023-46282?
CVE-2023-46282 affects Opcenter Execution Foundation, Opcenter Quality, SIMATIC PCS neo, SINEC NMS, and several versions of the Totally Integrated Automation Portal.
When was CVE-2023-46282 disclosed?
CVE-2023-46282 was disclosed as part of a broader advisory by Siemens, detailing multiple vulnerabilities.
What potential impact does CVE-2023-46282 have?
Exploitation of CVE-2023-46282 could allow attackers to affect the integrity and availability of the affected Siemens systems.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens opcenter quality
- canonical/siemens simatic process control system neo
- canonical/siemens sinumerik integrate run myhmi/automotive
- canonical/siemens totally integrated automation portal (tia portal)
- version/siemens totally integrated automation portal (tia portal)/14.0
- version/siemens totally integrated automation portal (tia portal)/15
- version/siemens totally integrated automation portal (tia portal)/16
- version/siemens totally integrated automation portal (tia portal)/17
- version/siemens totally integrated automation portal (tia portal)/18
- version/siemens totally integrated automation portal (tia portal)/18-update_1