Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Simatic_pcs_neo
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-12 | CVE-2023-46281 | A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA... | Opcenter_quality, Simatic_pcs_neo, Sinumerik_integrate_runmyhmi_\/automotive, Totally_integrated_automation_portal | 8.8 | ||
| 2023-12-12 | CVE-2023-46282 | A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA... | Opcenter_quality, Simatic_pcs_neo, Sinumerik_integrate_runmyhmi_\/automotive, Totally_integrated_automation_portal | 6.1 | ||
| 2023-12-12 | CVE-2023-46283 | A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA... | Opcenter_quality, Simatic_pcs_neo, Sinumerik_integrate_runmyhmi_\/automotive, Totally_integrated_automation_portal | 7.5 | ||
| 2023-12-12 | CVE-2023-46284 | A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA... | Opcenter_quality, Simatic_pcs_neo, Sinumerik_integrate_runmyhmi_\/automotive, Totally_integrated_automation_portal | 7.5 | ||
| 2023-12-12 | CVE-2023-46285 | A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA... | Opcenter_quality, Simatic_pcs_neo, Sinumerik_integrate_runmyhmi_\/automotive, Totally_integrated_automation_portal | 7.5 | ||
| 2023-11-14 | CVE-2023-46096 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents. | Simatic_pcs_neo | 6.5 | ||
| 2023-11-14 | CVE-2023-46097 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database. | Simatic_pcs_neo | 8.0 | ||
| 2023-11-14 | CVE-2023-46098 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. | Simatic_pcs_neo | 8.8 | ||
| 2023-11-14 | CVE-2023-46099 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user. | Simatic_pcs_neo | 4.8 | ||
| 2023-09-14 | CVE-2023-38558 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | Simatic_pcs_neo | 5.5 |