CVE-2023-46282

Name of the Vulnerable Software and Affected Versions Opcenter Execution Foundation versions prior to V2407 Opcenter Quality versions prior to V2312 SIMATIC PCS neo versions prior to V4.1 SINEC NMS versions prior to V2.0 SP1 Totally Integrated Automation Portal (TIA Portal) V14 Totally Integrated Automation Portal (TIA Portal) V15.1 Totally Integrated Automation Portal (TIA Portal) V16 Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8 Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3

Description A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications, allowing an attacker to inject arbitrary JavaScript code. This code could be potentially executed later by another user. The issue is related to the lack of protection of the web page structure, which could allow a remote attacker to execute arbitrary code.

Recommendations For Opcenter Execution Foundation versions prior to V2407, update to version V2407 or later. For Opcenter Quality versions prior to V2312, update to version V2312 or later. For SIMATIC PCS neo versions prior to V4.1, update to version V4.1 or later. For SINEC NMS versions prior to V2.0 SP1, update to version V2.0 SP1 or later. For Totally Integrated Automation Portal (TIA Portal) V14, consider disabling the web interface until a patch is available. For Totally Integrated Automation Portal (TIA Portal) V15.1, consider disabling the web interface until a patch is available. For Totally Integrated Automation Portal (TIA Portal) V16, consider disabling the web interface until a patch is available. For Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8, update to V17 Update 8 or later. For Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3, update to V18 Update 3 or later.