Siemens SIMATIC PCS neo
- EXECUTIVE SUMMARY
CVSS v3 8.0
ATTENTION: Exploitable from an adjacent network with low attack complexity
Equipment: SIMATIC PCS neo
Vulnerabilities: Missing Authentication for Critical Function, SQL Injection, Permissive Cross-domain Policy with Untrusted Domains, Cross-site Scripting
- RISK EVALUATION
- TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
SIMATIC PCS neo: Versions before V4.1
3.2 Vulnerability Overview
3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Affected products’ PUD Manager fails to authenticate users properly within its web service. This allows an unauthenticated attacker from an adjacent network to generate a privileged token and upload additional documents.
CVE-2023-46096 has been assigned to this vulnerability with a CVSS v3 base score of 6.5.
3.2.2 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) CWE-89
The PUD Manager of affected products doesn’t adequately neutralize user-provided inputs, enabling an authenticated attacker from an adjacent network to execute SQL commands in the underlying database.
CVE-2023-46097 has been assigned to this vulnerability with a CVSS v3 base score of 6.3.
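To make the CWE-89 finding concrete, here is an added example (not Siemens code and not the PUD Manager's real query) showing a lookup built by string concatenation beside its parameterized form, run against an in-memory SQLite table that stands in for a hypothetical document store. The user-supplied value "O'Brien" is enough to show the difference: it breaks the concatenated statement while the bound parameter is handled as plain data.

```python
# Added example, not Siemens code: string-built query vs. parameterized query,
# against a constructed in-memory table standing in for a document store.
import sqlite3


def make_db():
    """Build a constructed sample table; the schema is hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents (title, owner) VALUES (?, ?)",
        [("Plant overview", "alice"), ("Valve spec", "O'Brien")],
    )
    conn.commit()
    return conn


def find_by_owner_unsafe(conn, owner):
    """CWE-89 pattern: the caller-supplied value is spliced into the SQL text,
    so quote characters alter the statement's structure instead of being data."""
    query = f"SELECT title FROM documents WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def find_by_owner_safe(conn, owner):
    """Hardened form: the driver binds the value separately from the SQL text,
    so the input can only ever be compared as a literal."""
    query = "SELECT title FROM documents WHERE owner = ?"
    return [row[0] for row in conn.execute(query, (owner,))]


def demonstrate(owner="O'Brien"):
    """Run both lookups for the same input and report what each one did."""
    conn = make_db()
    safe = find_by_owner_safe(conn, owner)
    try:
        unsafe = find_by_owner_unsafe(conn, owner)
        unsafe_error = None
    except sqlite3.OperationalError as exc:
        # The embedded quote changed the statement, so SQLite rejects it.
        unsafe = None
        unsafe_error = str(exc)
    return {"safe": safe, "unsafe": unsafe, "unsafe_error": unsafe_error}


if __name__ == "__main__":
    print(demonstrate())
```

The point for a code reviewer is that a value which merely breaks the statement today is the same class of defect that lets a crafted value change its meaning tomorrow; binding parameters removes the class rather than the symptom.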
3.2.3 PERMISSIVE CROSS-DOMAIN POLICY WITH UNTRUSTED DOMAINS CWE-942
The Information Server of affected products applies an overly permissive CORS policy, which allows attackers to manipulate legitimate user actions.
CVE-2023-46098 has been assigned to this vulnerability with a CVSS v3 base score of 8.0.
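The CWE-942 finding is easiest to see by contrasting a policy that reflects any request origin with one that checks an explicit allowlist. The following is an added example, not Siemens code; the trusted origin, the header-building functions and the audit helper are all hypothetical, and the allowlist value is constructed for the demonstration.

```python
# Added example, not Siemens code: reflecting CORS policy vs. allowlist policy,
# plus an audit check that flags responses granting credentials to untrusted origins.
from urllib.parse import urlsplit

# Constructed allowlist: origins trusted to call the hypothetical server API.
TRUSTED_ORIGINS = {"https://pcs-neo.example.internal"}


def permissive_cors_headers(request_origin):
    """Weak policy: echoes whatever Origin the browser sent and allows credentials,
    so any site a logged-in user visits can read authenticated responses."""
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def hardened_cors_headers(request_origin, trusted=TRUSTED_ORIGINS):
    """Hardened policy: only an exact allowlist match is echoed back; any other
    origin (including 'null' or a look-alike host) gets no CORS headers at all."""
    parts = urlsplit(request_origin or "")
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if parts.scheme and parts.netloc and normalized in {t.lower() for t in trusted}:
        return {
            "Access-Control-Allow-Origin": normalized,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's answer to another
        }
    return {}


def is_overly_permissive(headers, trusted=TRUSTED_ORIGINS):
    """Audit check (CWE-942): flag a response that uses a wildcard origin or that
    allows credentials for an origin outside the allowlist."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return False
    if acao == "*":
        return True
    return creds and acao.lower() not in {t.lower() for t in trusted}


if __name__ == "__main__":
    untrusted = "https://untrusted.example"
    print(is_overly_permissive(permissive_cors_headers(untrusted)))  # True
    print(is_overly_permissive(hardened_cors_headers(untrusted)))    # False
```

The audit helper can be pointed at captured response headers from a test client to confirm, before and after an update, that credentialed responses are only ever granted to origins on the allowlist.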
3.2.4 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79
CVE-2023-46099 has been assigned to this vulnerability with a CVSS v3 base score of 5.4.
CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Germany
Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.
Siemens has released an updated version of SIMATIC PCS neo and recommends updating to V4.1 or later. Siemens additionally advises protecting network access with appropriate mechanisms and configuring the environment according to Siemens’ operational guidelines for industrial security.