Details of VAR-202309-0621

ID

VAR-202309-0621

CVE

CVE-2023-38558

TITLE

Siemens SIMATIC PCS neo (Administration Console) information leakage vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-69971

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems

Trust: 1.53

sources: NVD: CVE-2023-38558 // CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-69971

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic pcs neo	scope:	eq	version:	4.0	Trust: 1.6
vendor:	siemens	model:	simatic pcs neo update	scope:	eq	version:	4.01	Trust: 0.6

sources: CNVD: CNVD-2023-69971 // NVD: CVE-2023-38558

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-38558
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2023-69971
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2023-69971
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-38558
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-69971 // NVD: CVE-2023-38558

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	CWE-538	Trust: 1.0

sources: NVD: CVE-2023-38558

PATCH

title:

Patch for Siemens SIMATIC PCS neo (Administration Console) information leakage vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/461016

Trust: 0.6

sources: CNVD: CNVD-2023-69971

EXTERNAL IDS

db:	NVD	id:	CVE-2023-38558	Trust: 1.7
db:	SIEMENS	id:	SSA-646240	Trust: 1.7
db:	CNVD	id:	CNVD-2023-69971	Trust: 0.6
db:	VULMON	id:	CVE-2023-38558	Trust: 0.1

sources: CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558 // NVD: CVE-2023-38558

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/html/ssa-646240.html	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/538.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-69971 // VULMON: CVE-2023-38558 // NVD: CVE-2023-38558

SOURCES

db:	CNVD	id:	CNVD-2023-69971
db:	VULMON	id:	CVE-2023-38558
db:	NVD	id:	CVE-2023-38558

LAST UPDATE DATE

2024-08-14T15:41:37.144000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-69971	date:	2023-09-15T00:00:00
db:	VULMON	id:	CVE-2023-38558	date:	2023-09-14T00:00:00
db:	NVD	id:	CVE-2023-38558	date:	2023-09-20T14:03:07.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-69971	date:	2023-09-15T00:00:00
db:	VULMON	id:	CVE-2023-38558	date:	2023-09-14T00:00:00
db:	NVD	id:	CVE-2023-38558	date:	2023-09-14T11:15:07.643