A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:LSiemens Opcenter Quality
APPSiemenswszystkie wersjeSiemens Simatic Pcs Neo
APPSiemens< 4.1Siemens Sinumerik Integrate Runmyhmi \/automotive
APPSiemenswszystkie wersjeSiemens Totally Integrated Automation Portal
APPSiemens1815 – 16 (bez)16 – 17 (bez)17 – 18 (bez)14.0 – 15 (bez)
Powiązane podatności
Stack-based buffer overflow w Siemens SIMATIC PCS neo i UMC — RCE bez uwierzytelnienia
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions <...
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...