CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51438
https://notcve.org/view.php?id=CVE-2023-51438
09 Jan 2024 — A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. Se ha identif... • https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22216
https://notcve.org/view.php?id=CVE-2024-22216
08 Jan 2024 — In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339). En las instalaciones predeterminadas de Microchip maxView Storage Manager (para Adaptec Smart Storage Controllers) donde el servidor Redfish está configu... • https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability •
CVSS: 6.3EPSS: 0%CPEs: 10EXPL: 0CVE-2023-23588
https://notcve.org/view.php?id=CVE-2023-23588
11 Apr 2023 — A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations t... • https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •