ID

VAR-202309-0621


CVE

CVE-2023-38558


TITLE

Siemens SIMATIC PCS neo (Administration Console) information leakage vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-69971

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

Trust: 1.53

sources: NVD: CVE-2023-38558 // CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-69971

AFFECTED PRODUCTS

vendor: siemens, model: simatic pcs neo, scope: eq, version: 4.0

Trust: 1.6

vendor: siemens, model: simatic pcs neo update, scope: eq, version: 4.01

Trust: 0.6

sources: CNVD: CNVD-2023-69971 // NVD: CVE-2023-38558

CVSS

SEVERITY

productcert@siemens.com: CVE-2023-38558
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2023-69971
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-69971
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2023-38558
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-69971 // NVD: CVE-2023-38558

PROBLEMTYPE DATA

problemtype: CWE-668

Trust: 1.0

problemtype: CWE-538

Trust: 1.0

sources: NVD: CVE-2023-38558

PATCH

title: Patch for Siemens SIMATIC PCS neo (Administration Console) information leakage vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/461016

Trust: 0.6

sources: CNVD: CNVD-2023-69971

EXTERNAL IDS

db: NVD, id: CVE-2023-38558

Trust: 1.7

db: SIEMENS, id: SSA-646240

Trust: 1.7

db: CNVD, id: CNVD-2023-69971

Trust: 0.6

db: VULMON, id: CVE-2023-38558

Trust: 0.1

sources: CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558 // NVD: CVE-2023-38558

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf

Trust: 1.1

url: https://cert-portal.siemens.com/productcert/html/ssa-646240.html

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/538.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558 // NVD: CVE-2023-38558

SOURCES

db: CNVD, id: CNVD-2023-69971
db: VULMON, id: CVE-2023-38558
db: NVD, id: CVE-2023-38558

LAST UPDATE DATE

2024-08-14T15:41:37.144000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-69971, date: 2023-09-15T00:00:00
db: VULMON, id: CVE-2023-38558, date: 2023-09-14T00:00:00
db: NVD, id: CVE-2023-38558, date: 2023-09-20T14:03:07.620

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-69971, date: 2023-09-15T00:00:00
db: VULMON, id: CVE-2023-38558, date: 2023-09-14T00:00:00
db: NVD, id: CVE-2023-38558, date: 2023-09-14T11:15:07.643