SIMATIC PCS neo Admin Console V4.0 CVE-2023-38558: Credentials Leak
CVE-2023-38558 Published on September 14, 2023

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

NVD

Weakness Type

Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.


Products Associated with CVE-2023-38558


Affected Versions

Siemens SIMATIC PCS neo (Administration Console) V4.0
Siemens SIMATIC PCS neo (Administration Console) V4.0 Update 1

Exploit Probability

EPSS: 0.03%
Percentile: 7.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.