Lucene search

[email protected]NVD:CVE-2023-51438

HistoryJan 09, 2024 - 10:15 a.m.

CVE-2023-51438

2024-01-0910:15:21

CWE-20

[email protected]

web.nvd.nist.gov

simatic

ipc

maxview storage manager

windows

redfish server

unauthorized access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Affected configurations

NVD

Node

microchipmaxview_storage_managerRange<4.14.00.26068windows

AND

siemenssimatic_ipc1047eMatch-

siemenssimatic_ipc647eMatch-

siemenssimatic_ipc847eMatch-

References

cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for NVD:CVE-2023-51438

cnvd1 ics1 cvelist1 prion1 cve1