CVE-2023-38558 Information
Sep 16, 2023
Description
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials and impersonate the admin user, thereby gaining admin access to other Windows systems.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Base Severity
MEDIUM