Lucene search

PRIOn knowledge basePRION:CVE-2023-44320

HistoryNov 14, 2023 - 11:15 a.m.

Authentication flaw

2023-11-1411:15:00

PRIOn knowledge base

www.prio-n.com

affected devices

authentication validation

web interface modification

authenticated attacker

user interface influence

administrator configuration

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

21.5%

JSON

Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

CPENameOperatorVersion
6ag1206-2bb00-7ac2_firmwarelt4.5
6ag1206-2bs00-7ac2_firmwarelt4.5
6ag1208-0ba00-7ac2_firmwarelt4.5
6ag1216-4bs00-7ac2_firmwarelt4.5
6gk5204-0ba00-2gf2_firmwarelt4.5
6gk5204-0ba00-2yf2_firmwarelt4.5
6gk5204-2aa00-2gf2_firmwarelt4.5
6gk5204-2aa00-2yf2_firmwarelt4.5
6gk5205-3bb00-2ab2_firmwarelt4.5
6gk5205-3bb00-2tb2_firmwarelt4.5

Name	Operator	Version
6ag1206-2bb00-7ac2_firmware	lt	4.5
6ag1206-2bs00-7ac2_firmware	lt	4.5
6ag1208-0ba00-7ac2_firmware	lt	4.5
6ag1216-4bs00-7ac2_firmware	lt	4.5
6gk5204-0ba00-2gf2_firmware	lt	4.5
6gk5204-0ba00-2yf2_firmware	lt	4.5
6gk5204-2aa00-2gf2_firmware	lt	4.5
6gk5204-2aa00-2yf2_firmware	lt	4.5
6gk5205-3bb00-2ab2_firmware	lt	4.5
6gk5205-3bb00-2tb2_firmware	lt	4.5

Rows per page:

1-10 of 711

References

cert-portal.siemens.com/productcert/html/ssa-180704.html

cert-portal.siemens.com/productcert/html/ssa-602936.html

cert-portal.siemens.com/productcert/html/ssa-699386.html

cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf

cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

21.5%

JSON

Related for PRION:CVE-2023-44320