CVE-2023-46281

A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*
	cpe:2.3:a:siemens:simatic_pcs_neo::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:-:::::::*
	cpe:2.3:a:siemens:opcenter_quality:-:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal::::::::
	cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\/automotive:-:::::::*

Information

Published : 2023-12-12 12:15

Updated : 2024-01-09 10:15

NVD link : CVE-2023-46281

Mitre link : CVE-2023-46281

JSON object : View

Products Affected

siemens

opcenter_quality
simatic_pcs_neo
totally_integrated_automation_portal
sinumerik_integrate_runmyhmi_\/automotive

CWE

CWE-942

Permissive Cross-domain Policy with Untrusted Domains

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-942"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-46281", "ASSIGNER": "productcert@siemens.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2023-12-12T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.1"}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16", "versionStartIncluding": "15"}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17", "versionStartIncluding": "16"}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "18", "versionStartIncluding": "17"}, {"cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15", "versionStartIncluding": "14.0"}, {"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-01-09T10:15Z"}