VYPR

SIMATIC PCS neo

by Siemens Foundation

CVEs (14)

  • CVE-2025-40566HigMay 13, 2025
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who…

  • CVE-2023-46098HigNov 14, 2023
    risk 0.52cvss 8.0epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

  • CVE-2025-30176HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30175HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2025-30174HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated…

  • CVE-2023-46285HigDec 12, 2023
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…

  • CVE-2023-46284HigDec 12, 2023
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…

  • CVE-2023-46283HigDec 12, 2023
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…

  • CVE-2022-27194HigApr 12, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote…

  • CVE-2023-46282HigDec 12, 2023
    risk 0.46cvss 7.1epss 0.00

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…

  • CVE-2023-46281HigDec 12, 2023
    risk 0.46cvss 7.1epss 0.01

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions),…

  • CVE-2023-46096MedNov 14, 2023
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload…

  • CVE-2023-46097MedNov 14, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.

  • CVE-2023-46099MedNov 14, 2023
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the…