Lucene search

PRIOn knowledge basePRION:CVE-2023-48430

HistoryDec 12, 2023 - 12:15 p.m.

Design/Logic Flaw

2023-12-1212:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

sinec ins

api

length parameter

malicious admin

server crash

automatic restart

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

6.9 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.1%

JSON

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

CPENameOperatorVersion
sinec_inseq1.0 sp1
sinec_inslt1.0
sinec_inseq1.0
sinec_inseq1.0 sp2
sinec_inseq1.0 sp2update1

Name	Operator	Version
sinec_ins	eq	1.0 sp1
sinec_ins	lt	1.0
sinec_ins	eq	1.0
sinec_ins	eq	1.0 sp2
sinec_ins	eq	1.0 sp2update1

References

cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

6.9 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.1%

JSON

Related for PRION:CVE-2023-48430