CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-46285
https://notcve.org/view.php?id=CVE-2023-46285
12 Dec 2023 — A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All ... • https://cert-portal.siemens.com/productcert/html/ssa-999588.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-46284
https://notcve.org/view.php?id=CVE-2023-46284
12 Dec 2023 — A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All ... • https://cert-portal.siemens.com/productcert/html/ssa-999588.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-46283
https://notcve.org/view.php?id=CVE-2023-46283
12 Dec 2023 — A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All ... • https://cert-portal.siemens.com/productcert/html/ssa-999588.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-46282
https://notcve.org/view.php?id=CVE-2023-46282
12 Dec 2023 — A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All ... • https://cert-portal.siemens.com/productcert/html/ssa-999588.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-46281
https://notcve.org/view.php?id=CVE-2023-46281
12 Dec 2023 — A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All ... • https://cert-portal.siemens.com/productcert/html/ssa-999588.html • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46099
https://notcve.org/view.php?id=CVE-2023-46099
14 Nov 2023 — A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user. Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). Existe una vulnerabilidad de cross-site scripting almacenada en la Consola de Administra... • https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46098
https://notcve.org/view.php?id=CVE-2023-46098
14 Nov 2023 — A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). Al acceder al servidor de información desde los productos afectados, los productos utilizan una política CORS demasiado permisiva. • https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46097
https://notcve.org/view.php?id=CVE-2023-46097
14 Nov 2023 — A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database. Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). El PUD Manager de los productos afectados no neutraliza adecuadamente las entradas proporcionadas por el usuario. • https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46096
https://notcve.org/view.php?id=CVE-2023-46096
14 Nov 2023 — A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents. Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). El PUD Manager de los productos afectados no autentica adecuadamente a los usuarios en el servicio web PUD Manager. • https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-27194
https://notcve.org/view.php?id=CVE-2022-27194
12 Apr 2022 — A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. Se ha identificado una vulnerabilidad en SIMATIC PCS neo (Consola de Administración) (todas las versiones an... • https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf • CWE-400: Uncontrolled Resource Consumption •