May 09, 2023 - 1:15 p.m.

CVE-2023-27407

2023-05-09 13:15:16
CWE-77
CWE-78
web.nvd.nist.gov
vulnerability
scalance lpe9403
authenticated remote attacker
root access
cve-2023-27407
command injection
nvd

CVSS3: 9.9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 49.8%)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web-based management of the affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

Affected configurations

NVD
Node
Vendor: siemens | Product: scalance_lpe9403_firmware | Range: <2.1
AND
Vendor: siemens | Product: scalance_lpe9403 | Match: -

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE LPE9403",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]
