CVE-2023-46099

Name of the Vulnerable Software and Affected Versions SIMATIC PCS neo versions prior to V4.1

Description The issue is related to a stored cross-site scripting vulnerability in the Administration Console of SIMATIC PCS neo. This vulnerability could allow an attacker with high privileges to inject JavaScript code into the application, which is later executed by another legitimate user. The exploitation of this vulnerability may enable a remote attacker to execute arbitrary JavaScript code.

Recommendations For versions prior to V4.1, update to version V4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administration Console to minimize the risk of exploitation. Avoid using the Administration Console until the issue is resolved.