PT-2023-6998 · Siemens · Simatic Pcs Neo

Published 2023-11-14 · Updated 2023-11-20 · CVE-2023-46096

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC PCS neo versions prior to V4.1

Description

The issue is related to a lack of authentication for a critical function in the administrative console of the SIMATIC PCS neo web system management technology process. This could allow a remote attacker to upload arbitrary documents. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service, which could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.

Recommendations

For versions prior to V4.1, update to version V4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PUD Manager web service to minimize the risk of exploitation. Avoid using the PUD Manager until the issue is resolved.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-08017
CVE-2023-46096

Affected Products

Simatic Pcs Neo