CVE-2023-27409

2023-05-0913:15:16

CWE-22

[email protected]

web.nvd.nist.gov

vulnerability

scalance lpe9403

path traversal

cve-2023-27409

nvd

ssh interface

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named address.

Affected configurations

NVD

Node

siemensscalance_lpe9403_firmwareRange<2.1

AND

siemensscalance_lpe9403Match-

CPENameOperatorVersion
siemens:scalance_lpe9403_firmwaresiemens scalance lpe9403 firmwarelt2.1

CPE	Name	Operator	Version
siemens:scalance_lpe9403_firmware	siemens scalance lpe9403 firmware	lt	2.1

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE LPE9403",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]