CVE-2023-23588
Published Apr 11, 2023
Last updated 10 months ago
Overview
- Description
- A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 5.2
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43337EC1-0BF8-40B3-88BC-38F06EF48DC6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D0EF28FB-BAB3-4710-9D25-25F67ACADC60"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "681C8A24-C3AC-4CF4-8283-DAC337909CC9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D8F37D88-E086-4060-8420-BD0F8D8FF580"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_ipc1047_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5DA20C3-90EE-4355-99FC-BACE6F77C56C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc1047:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5E959C97-838B-41F6-BD73-AA5073975075"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "77C02716-54AE-4545-AB8C-4760F92271A2",
"versionEndExcluding": "4.09.00.25611"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "85F2895E-AFB0-4516-B549-93CCD5BB5814"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]