Описание
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS3
8 High
CVSS3
Дефекты
Связанные уязвимости
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.
Уязвимость службы PUB Manager веб-системы управления технологическими процессами SIMATIC PCS neo, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных
EPSS
6.3 Medium
CVSS3
8 High
CVSS3