CVE-2023-51438 - Vulnerability Details - OpenCVE

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microchip	Maxview Storage Manager
Siemens	Simatic Ipc1047e Simatic Ipc647e Simatic Ipc847e

Configuration 1 [-]

AND

cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*

OR	cpe:2.3:h:siemens:simatic_ipc1047e:-:::::::*
	cpe:2.3:h:siemens:simatic_ipc647e:-:::::::*
	cpe:2.3:h:siemens:simatic_ipc847e:-:::::::*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-01-09T10:00:13.080Z

Updated: 2024-08-02T22:32:09.431Z

Reserved: 2023-12-19T11:46:45.583Z

Link: CVE-2023-51438

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T10:15:21.077

Modified: 2024-11-21T08:38:07.097

Link: CVE-2023-51438

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51438", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2023-12-19T11:46:45.583Z", "datePublished": "2024-01-09T10:00:13.080Z", "dateUpdated": "2024-08-02T22:32:09.431Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-01-09T10:00:13.080Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish\u00ae server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC IPC1047E", "versions": [{"version": "All versions with maxView Storage Manager < V4.14.00.26068 on Windows", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC647E", "versions": [{"version": "All versions with maxView Storage Manager < V4.14.00.26068 on Windows", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC847E", "versions": [{"version": "All versions with maxView Storage Manager < V4.14.00.26068 on Windows", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.431Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6AA7D140-D1C3-4B8A-A364-A24E4587B6E7", "versionEndExcluding": "4.14.00.26068", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:*", "matchCriteriaId": "85F2895E-AFB0-4516-B549-93CCD5BB5814", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E430C4C5-D887-47C6-B50F-66EEE9519151", "vulnerable": false}, {"criteria": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", "matchCriteriaId": "1157418C-14C4-43C4-B63E-7E98D868A94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish\u00ae server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC IPC1047E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC647E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC847E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows). En instalaciones predeterminadas de maxView Storage Manager donde el servidor Redfish\u00ae est\u00e1 configurado para la administraci\u00f3n remota del sistema, se ha identificado una vulnerabilidad que puede proporcionar acceso no autorizado."}], "id": "CVE-2023-51438", "lastModified": "2024-11-21T08:38:07.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-09T10:15:21.077", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}