CVE-2023-46281

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

Overview

CVE ID
CVE-2023-46281

Assigner
siemens

Vulnerability Status
PUBLISHED

Published Version
2023-12-12T11:27:11.796Z

Last Modified Date
2024-05-15T07:23:43.235Z

Weakness Enumerations

CWE	URL
CWE-942	http://cwe.mitre.org/data/definitions/942.html

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46281
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46281

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:25:36				Added to TrackCVE