CVE-2023-38558

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

Published: Sep 14, 2023
Updated: Sep 15, 2023
CVE: CVE-2023-38558
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-538
CWE-668

Affected Software
References

Software	From	Fixed in
siemens / simatic_pcs_neo	4.0	4.0.x
siemens / simatic_pcs_neo	4.0-update_1	4.0-update_1.x

https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

Vulnerability Database

289,697

CVE-2023-38558