CVE-2023-48431
https://notcve.org/view.php?id=CVE-2023-48431
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received from a UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).
• https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2023-48430
https://notcve.org/view.php?id=CVE-2023-48430
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
• https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
• CWE-392: Missing Report of Error Condition
CVE-2023-48429
https://notcve.org/view.php?id=CVE-2023-48429
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.
• https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
• CWE-394: Unexpected Status Code or Return Value
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2023-48428
https://notcve.org/view.php?id=CVE-2023-48428
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The RADIUS configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.
• https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-48427
https://notcve.org/view.php?id=CVE-2023-48427
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
• https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
• CWE-295: Improper Certificate Validation