Lucene search

PRIOn knowledge basePRION:CVE-2023-23588

HistoryApr 11, 2023 - 10:15 a.m.

Design/Logic Flaw

2023-04-1110:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

simatic ipc1047

simatic ipc1047e

simatic ipc647d

simatic ipc647e

simatic ipc847d

simatic ipc847e

adaptec maxview

tls certificate

local attacker

man-in-the-middle

data modification

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.
A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

CPENameOperatorVersion
maxview_storage_managerlt4.09.00.25611

CPE	Name	Operator	Version
	maxview_storage_manager	lt	4.09.00.25611

References

cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf