6.3
CVE-2023-23588
- EPSS 0.04%
- Veröffentlicht 11.04.2023 10:15:18
- Zuletzt bearbeitet 21.11.2024 07:46:29
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microchip ≫ Maxview Storage Manager SwPlatformwindows Version < 4.09.00.25611
Siemens ≫ Simatic Ipc1047e Version-
Siemens ≫ Simatic Ipc647e Version-
Siemens ≫ Simatic Ipc847e Version-
Siemens ≫ Simatic Ipc647e Version-
Siemens ≫ Simatic Ipc847e Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.067 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 1 | 5.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| productcert@siemens.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.