How severe is CVE-2023-46281?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-46281?

This is classified as CWE-942, which is a common weakness in software security.

CVE-2023-46281 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

Related Vulnerabilities

CVE-2021-34435

HIGH

CVSS:8.8(High)

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t...

CWE-9422021

CVE-2023-46098

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This coul...

CWE-9422023

CVE-2024-41657

HIGH

CVSS:8.8(High)

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any ...

CWE-9422024

CVE-2023-25603

CRITICAL

CVSS:9.1(Critical)

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privil...

CWE-9422023

CVE-2024-32862

HIGH

CVSS:8.1(High)

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.

CWE-9422024

CVE-2024-41659

HIGH

CVSS:8.1(High)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set t...

CWE-9422024