CVE-2023-23588

Published Apr 11, 2023

Last updated 4 months ago

CVSS medium 6.2

Overview

Description: A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.3
Impact score: 5.2
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM

Weaknesses

productcert@siemens.com: CWE-200
nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43337EC1-0BF8-40B3-88BC-38F06EF48DC6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0EF28FB-BAB3-4710-9D25-25F67ACADC60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "681C8A24-C3AC-4CF4-8283-DAC337909CC9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8F37D88-E086-4060-8420-BD0F8D8FF580"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_ipc1047_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5DA20C3-90EE-4355-99FC-BACE6F77C56C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc1047:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E959C97-838B-41F6-BD73-AA5073975075"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C02716-54AE-4545-AB8C-4760F92271A2",
            "versionEndExcluding": "4.09.00.25611"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "85F2895E-AFB0-4516-B549-93CCD5BB5814"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References