CVE-2023-25910 (simatic_pcs_7, simatic_s7-pm, simatic_step_7)

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.

An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the …

a network cve database database management database management system embedded functions impact local low management network pcs privileges product share simatic system vulnerability