SIMATIC PCS neo PUD Manager Auth Bypass <4.1
CVE-2023-46096 Published on November 14, 2023
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2023-46096
Want to know whenever a new CVE is published for Siemens Simatic Pcs Neo? stack.watch will email you.
Affected Versions
Siemens SIMATIC PCS neo Version All versions < V4.1 is affected by CVE-2023-46096Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.