CVE-2023-23588
Published: Apr 11, 2023
Modified: Oct 15, 2024
CVSS v3.1
6.2
Description
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC IPC1047 | affected All versions |
| Siemens | SIMATIC IPC1047E | affected All versions with maxView Storage Manager < 4.09.00.25611 on Windows |
| Siemens | SIMATIC IPC647D | affected All versions |
| Siemens | SIMATIC IPC647E | affected All versions with maxView Storage Manager < 4.09.00.25611 on Windows |
| Siemens | SIMATIC IPC847D | affected All versions |
| Siemens | SIMATIC IPC847E | affected All versions with maxView Storage Manager < 4.09.00.25611 on Windows |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
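Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: None (I:N)
Availability: None (A:N)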