{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23588", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2023-01-13T14:55:01.563Z", "datePublished": "2023-04-11T09:03:01.130Z", "dateUpdated": "2024-10-15T17:12:13.841Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-04-11T09:03:01.130Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.\r\nA local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC IPC1047", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC1047E", "versions": [{"version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC647D", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC647E", "versions": [{"version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC847D", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC847E", "versions": [{"version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "baseScore": 6.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.386Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:09:07.958283Z", "id": "CVE-2023-23588", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T17:12:13.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.386Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23588", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T17:09:07.958283Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T17:10:42.721Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC IPC1047", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC1047E", "versions": [{"status": "affected", "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC647D", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC647E", "versions": [{"status": "affected", "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC847D", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC847E", "versions": [{"status": "affected", "version": "All versions with maxView Storage Manager < 4.09.00.25611 on Windows"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.\r\nA local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-04-11T09:03:01.130Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23588", "state": "PUBLISHED", "dateUpdated": "2024-10-15T17:12:13.841Z", "dateReserved": "2023-01-13T14:55:01.563Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2023-04-11T09:03:01.130Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43337EC1-0BF8-40B3-88BC-38F06EF48DC6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0EF28FB-BAB3-4710-9D25-25F67ACADC60", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "681C8A24-C3AC-4CF4-8283-DAC337909CC9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F37D88-E086-4060-8420-BD0F8D8FF580", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_ipc1047_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5DA20C3-90EE-4355-99FC-BACE6F77C56C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_ipc1047:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E959C97-838B-41F6-BD73-AA5073975075", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "77C02716-54AE-4545-AB8C-4760F92271A2", "versionEndExcluding": "4.09.00.25611", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:*", "matchCriteriaId": "85F2895E-AFB0-4516-B549-93CCD5BB5814", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.\r\nA local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit."}], "id": "CVE-2023-23588", "lastModified": "2024-11-21T07:46:29.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-11T10:15:18.097", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}