SIMATIC PCS neo <V4.1 | Stored XSS in Admin Console
CVE-2023-46099 Published on November 14, 2023
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-46099 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-46099
Want to know whenever a new CVE is published for Siemens Simatic Pcs Neo? stack.watch will email you.
Affected Versions
Siemens SIMATIC PCS neo Version All versions < V4.1 is affected by CVE-2023-46099Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.