5.5 CVE-2023-38558
Patch
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.
https://nvd.nist.gov/vuln/detail/CVE-2023-38558
Categories
CWE-668 : Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References
MISC Patch
| https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf Patch Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:siemens:simatic_pcs_neo:4.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:simatic_pcs_neo:4.0:update_1:*:*:*:*:*:* | ||
REMEDIATION
Patch
| Url |
|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
Other (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
MITRE
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
