CVE-2023-23588
Description
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
CVSS Details
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Threat Intelligence
Weaknesses 2
Affected Products 10
| Vendor | Product | Version | Range |
|---|---|---|---|
| siemens | simatic_ipc647d_firmware | * | any |
| siemens | simatic_ipc647d | * | any |
| siemens | simatic_ipc847d_firmware | * | any |
| siemens | simatic_ipc847d | * | any |
| siemens | simatic_ipc1047_firmware | * | any |
| siemens | simatic_ipc1047 | * | any |
| microchip | maxview_storage_manager | * | <4.09.00.25611 |
| siemens | simatic_ipc1047e | * | any |
| siemens | simatic_ipc647e | * | any |
| siemens | simatic_ipc847e | * | any |
References 1
- cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.