PT-2023-5168 · Microsoft+1 · Windows+1

Published: 2023-09-14 · Updated: 2023-09-20 · CVE-2023-38558

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC PCS neo (Administration Console) versions V4.0 through V4.0 Update 1

Description

The issue is related to a leak of information about files and directories in the administration console of the SIMATIC PCS neo system, which can lead to the exposure of Windows admin credentials. An attacker with local access to the Administration Console could exploit this to gain admin access to other Windows systems by impersonating the admin user.

Recommendations

For SIMATIC PCS neo (Administration Console) versions V4.0 through V4.0 Update 1, consider restricting local access to the Administration Console to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the Administration Console to necessary personnel only, to reduce the potential for unauthorized access.

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2023-05760
CVE-2023-38558

Affected Products

SIMATIC PCS neo
Windows