var-202311-0457
Vulnerability from variot
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user. Siemens' SIMATIC PCS neo Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. SIMATIC PCS neo is a distributed control system (DCS)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202311-0457", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic pcs neo", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.1" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "4.1" }, { "model": "simatic pcs neo", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-46099" } ] }, "cve": "CVE-2023-46099", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.1, "id": "CNVD-2023-86335", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 3.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-46099", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-46099", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-46099", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2023-86335", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC PCS neo (All versions \u003c V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user. Siemens\u0027 SIMATIC PCS neo Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. SIMATIC PCS neo is a distributed control system (DCS)", "sources": [ { "db": "NVD", "id": "CVE-2023-46099" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "CNVD", "id": "CNVD-2023-86335" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-46099", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-456933", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-320-06", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-017478", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-86335", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "id": "VAR-202311-0457", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" } ], "trust": 1.2076923 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" } ] }, "last_update_date": "2024-01-18T20:58:14.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC PCS neo cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/481906" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46099" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-06" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-456933.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86335" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-86335" }, { "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "db": "NVD", "id": "CVE-2023-46099" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-86335" }, { "date": "2024-01-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "date": "2023-11-14T11:15:14.840000", "db": "NVD", "id": "CVE-2023-46099" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-86335" }, { "date": "2024-01-09T03:18:00", "db": "JVNDB", "id": "JVNDB-2023-017478" }, { "date": "2023-11-20T15:10:25.943000", "db": "NVD", "id": "CVE-2023-46099" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0SIMATIC\u00a0PCS\u00a0neo\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-017478" } ], "trust": 0.8 } }
Loading...