CVE-2023-51438

EPSS 0.34%
Published 09.01.2024 10:15:21
Last modified 21.11.2024 08:38:07
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microchip ≫ Maxview Storage Manager SwPlatformwindows Version < 4.14.00.26068

   Siemens ≫ Simatic Ipc1047e Version-
   Siemens ≫ Simatic Ipc647e Version-
   Siemens ≫ Simatic Ipc847e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-51438

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51438

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51438

EUVD