CVE-2023-38558

EPSS 0.03%
Veröffentlicht 14.09.2023 11:15:07
Zuletzt bearbeitet 21.11.2024 08:13:49
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs Neo Version4.0 Update-

Siemens ≫ Simatic Pcs Neo Version4.0 Updateupdate_1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38558

EUVD