Lucene search

[email protected]CVE-2023-23588

HistoryApr 11, 2023 - 10:15 a.m.

CVE-2023-23588

2023-04-1110:15:18

CWE-200

CWE-295

[email protected]

web.nvd.nist.gov

cve-2023-23588

simatic

ipc1047

ipc1047e

ipc647d

ipc647e

ipc847d

ipc847e

tls certificate

man-in-the-middle

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.
A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

Affected configurations

NVD

Node

siemenssimatic_ipc647d_firmware

AND

siemenssimatic_ipc647dMatch-

Node

siemenssimatic_ipc847d_firmware

AND

siemenssimatic_ipc847dMatch-

Node

siemenssimatic_ipc1047_firmware

AND

siemenssimatic_ipc1047Match-

Node

microchipmaxview_storage_managerRange<4.09.00.25611windows

AND

siemenssimatic_ipc1047eMatch-

siemenssimatic_ipc647eMatch-

siemenssimatic_ipc847eMatch-

CPENameOperatorVersion
siemens:simatic_ipc647d_firmwaresiemens simatic ipc647d firmwareeq*

CPE	Name	Operator	Version
siemens:simatic_ipc647d_firmware	siemens simatic ipc647d firmware	eq	*

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC1047",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC1047E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC647D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC647E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC847D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC847E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-23588

prion1 cvelist1 ics1 nvd1