History: May 09, 2023 - 11:51 a.m.

CVE-2023-27407

2023-05-09 11:51:22
CWE-77
siemens
www.cve.org
vulnerability
scalance lpe9403
web management
command injection
remote attacker
root user
cve-2023-27407

CVSS3: 9.9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score: 9.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 49.9%)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web-based management of the affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE LPE9403",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]
