Multiple Vulnerabilities in SIMATIC PCS neo before V4.1

An attacker could exploit these vulnerabilities to inject malicious SQL commands, perform unauthorized actions without proper authentication, or inject scripts to compromise operator workstations and potentially alter control logic or process data.

This affects operators and engineers using SIMATIC PCS neo for process automation and control across sectors including water treatment, wastewater, power generation, and chemical manufacturing. The vulnerability impacts engineering workstations and the central control server where process logic and setpoints are configured and monitored.

An attacker with network access to SIMATIC PCS neo could submit malicious SQL queries to bypass authentication or modify database records, or inject scripts through the web interface to execute arbitrary commands on the engineering workstation or interfaced control systems.