CVE-2023-46098

Name of the Vulnerable Software and Affected Versions SIMATIC PCS neo versions prior to V4.1

Description The issue is related to the use of an overly permissive CORS policy when accessing the Information Server from affected products. This could allow an attacker to trick a legitimate user into triggering unwanted behavior, potentially leading to the execution of arbitrary code.

Recommendations For versions prior to V4.1, update to version V4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Information Server to minimize the risk of exploitation. Avoid using the affected products to access the Information Server until the issue is resolved.