Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38558

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

Published

2023-09-14T11:15:07.643

Last Modified

2024-11-21T08:13:49.637

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-538
Type: Primary
CWE-668

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	simatic_pcs_neo	4.0	Yes
Application	siemens	simatic_pcs_neo	4.0	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)