CVE-2023-46281 vulnerability in Siemens Products
Published on December 12, 2023
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user into triggering unwanted behavior.
Vulnerability Analysis
CVE-2023-46281 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Permissive Cross-domain Policy with Untrusted Domains
The software uses a cross-domain policy file that includes domains that should not be trusted.
What versions are vulnerable to CVE-2023-46281?
- Siemens Totally Integrated Automation Portal Version 18
- Siemens Simatic Pcs Neo Fixed in Version 4.1
- Siemens Totally Integrated Automation Portal Version 18 update_1
- Siemens Totally Integrated Automation Portal Version 15 Fixed in Version 16
- Siemens Totally Integrated Automation Portal Version 16 Fixed in Version 17
- Siemens Totally Integrated Automation Portal Version -
- Siemens Opcenter Quality Version -
- Siemens Totally Integrated Automation Portal Version 17 Fixed in Version 18
- Siemens Totally Integrated Automation Portal Version 14.0 Fixed in Version 15
- Siemens Sinumerik Integrate Runmyhmi Automotive Version -