CVE-2023-46097 MEDIUM

Vendor: Siemens
Product: SIMATIC PCS neo
Weakness: CWE-89 (SQL injection)
Published: November 14, 2023
Last update: January 8, 2025

CVSS base score

6.3/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C

What the vulnerability does

01 Description

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user-provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.

Key dates

02 Disclosure timeline

November 14, 2023: CVE published
January 8, 2025: Record updated