Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/12/2023 Updated: 13/02/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Subscribe to Totally Integrated Automation Portal

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an malicious user to trick a legitimate user to trigger unwanted behavior.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens totally integrated automation portal 18
siemens simatic pcs neo
siemens totally integrated automation portal
siemens totally integrated automation portal -
siemens opcenter quality -
siemens sinumerik integrate runmyhmi \\/automotive -

CWE-942 https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf https://cert-portal.siemens.com/productcert/html/ssa-999588.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-46281

Vulnerability Summary

References

Vulmon Search

About

Products

Connect