CVE-2023-51438

EPSS 0.34%
Veröffentlicht 09.01.2024 10:15:21
Zuletzt bearbeitet 21.11.2024 08:38:07
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microchip ≫ Maxview Storage Manager SwPlatformwindows Version < 4.14.00.26068

   Siemens ≫ Simatic Ipc1047e Version-
   Siemens ≫ Simatic Ipc647e Version-
   Siemens ≫ Simatic Ipc847e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-51438

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51438

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51438

EUVD