CVE-2023-23588

Severity: Medium
CVSS 3.1: 6.3
EPSS: 0.6%
Published: Apr 11, 2023
Last Modified: Jun 17, 2026

Description

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

CVSS Details

Base Score: 6.3
Exploitability: 1.0
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 0.6% percentile
Exploit & Patch Status: No Known Exploit, No Patch Available

Weaknesses 2

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
CWE-295

Affected Products 10

Vendor     Product                     Version   Range
siemens    simatic_ipc647d_firmware    *         any
siemens    simatic_ipc647d             *         any
siemens    simatic_ipc847d_firmware    *         any
siemens    simatic_ipc847d             *         any
siemens    simatic_ipc1047_firmware    *         any
siemens    simatic_ipc1047             *         any
microchip  maxview_storage_manager     *         <4.09.00.25611
siemens    simatic_ipc1047e            *         any
siemens    simatic_ipc647e             *         any
siemens    simatic_ipc847e             *         any

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.