CVSS3: 6.2 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 5.1%)
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.
A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
[
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC1047",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC1047E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC647D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC647E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC847D",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC IPC847E",
    "versions": [
      {
        "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]