HIGH🇵🇱 Wersja polska

CVE-2023-46282

CVSS 7.1v3.1pub. 2023-12-12upd. 2024-11-21

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
  • Siemens Opcenter Quality

    APP
    Siemens
    wszystkie wersje
  • Siemens Simatic Pcs Neo

    APP
    Siemens
    < 4.1
  • Siemens Sinumerik Integrate Runmyhmi \/automotive

    APP
    Siemens
    wszystkie wersje
  • Siemens Totally Integrated Automation Portal

    APP
    Siemens
    1815 – 16 (bez)16 – 17 (bez)17 – 18 (bez)14.0 – 15 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-40795CRITICAL9.3PL ✓ten sam produkt

Stack-based buffer overflow w Siemens SIMATIC PCS neo i UMC — RCE bez uwierzytelnienia

CVE-2021-20093CRITICAL9.1ten sam produkt

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...

CVE-2021-27389CRITICAL9.8ten sam produkt

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions <...

CVE-2025-40796HIGH8.7ten sam produkt

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...

CVE-2025-40797HIGH8.7ten sam produkt

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...