CVE-2023-46099

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.

Published: Nov 14, 2023
Updated: Nov 21, 2023
CVE: CVE-2023-46099
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
siemens / simatic_pcs_neo	-	4.1

https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

Vulnerability Database

289,599

CVE-2023-46099