CVE-2023-46281

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:opcenter_quality:-:::::::*
	cpe:2.3:a:siemens:simatic_pcs_neo::::::::
	cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\/automotive:-:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:-:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1::::::

History

No history.

Information

Published : 2023-12-12 12:15

Updated : 2024-05-14 16:15

NVD link : CVE-2023-46281

Mitre link : CVE-2023-46281

CVE.ORG link : CVE-2023-46281

JSON object : View

Products Affected

siemens

sinumerik_integrate_runmyhmi_\/automotive
opcenter_quality
simatic_pcs_neo
totally_integrated_automation_portal

CWE

CWE-942

Permissive Cross-domain Policy with Untrusted Domains

{"id": "CVE-2023-46281", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.6}]}, "published": "2023-12-12T12:15:13.653", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-942"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones < V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "}], "lastModified": "2024-05-14T16:15:42.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA", "versionEndExcluding": "4.1"}, {"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB", "versionEndExcluding": "15", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8", "versionEndExcluding": "16", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27", "versionEndExcluding": "17", "versionStartIncluding": "16"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6", "versionEndExcluding": "18", "versionStartIncluding": "17"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}