Lucene search

[email protected]NVD:CVE-2023-27408

HistoryMay 09, 2023 - 1:15 p.m.

CVE-2023-27408

2023-05-0913:15:16

CWE-378

[email protected]

web.nvd.nist.gov

vulnerability

scalance lpe9403

mutex file

insecure permissions

ssh interface

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.

Affected configurations

NVD

Node

siemensscalance_lpe9403_firmwareRange<2.1

AND

siemensscalance_lpe9403Match-

References

cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2023-27408

nessus1 cve1 cvelist1 prion1 ics1