CVE-2023-46282

Published: Dic 12, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-50507 Aliases: GSD-2023-46282

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0012

Percentile

0,3th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version Range Affected

From 14.0 (inclusive)

To 15 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version Range Affected

From 15 (inclusive)

To 16 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version 18

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version 18

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Simatic Pcs Neo by Siemens

Product Information

Vendor Siemens

Product Simatic Pcs Neo

Version Range Affected

To 4.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Opcenter Quality by Siemens

Product Information

Vendor Siemens

Product Opcenter Quality

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version Range Affected

From 16 (inclusive)

To 17 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Totally Integrated Automation Portal by Siemens

Product Information

Vendor Siemens

Product Totally Integrated Automation Portal

Version Range Affected

From 17 (inclusive)

To 18 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Sinumerik Integrate Runmyhmi \/Automotive by Siemens

Product Information

Vendor Siemens

Product Sinumerik Integrate Runmyhmi \/Automotive

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\/automotive:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://cert-portal.siemens.com/productcert/html/ssa-999588…

https://cert-portal.siemens.com/productcert/html/ssa-999588.html

https://cert-portal.siemens.com/productcert/pdf/ssa-999588.…

Patch Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

https://cert-portal.siemens.com/productcert/html/ssa-999588…

https://cert-portal.siemens.com/productcert/html/ssa-999588.html

https://cert-portal.siemens.com/productcert/pdf/ssa-999588.…

Patch Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

CVE-2023-46282

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Totally Integrated Automation Portal by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Simatic Pcs Neo by Siemens

Product Information

Opcenter Quality by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Totally Integrated Automation Portal by Siemens

Product Information

Sinumerik Integrate Runmyhmi \/Automotive by Siemens

Product Information

Iscriviti alla newsletter