// For flags

CVE-2023-51438

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Se ha identificado una vulnerabilidad en SIMATIC IPC1047E (todas las versiones con maxView Storage Manager &lt; V4.14.00.26068 en Windows), SIMATIC IPC647E (todas las versiones con maxView Storage Manager &lt; V4.14.00.26068 en Windows), SIMATIC IPC847E (todas las versiones con maxView Storage Manager &lt; V4.14.00.26068 en Windows). En instalaciones predeterminadas de maxView Storage Manager donde el servidor Redfish® está configurado para la administración remota del sistema, se ha identificado una vulnerabilidad que puede proporcionar acceso no autorizado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-19 CVE Reserved
  • 2024-01-09 CVE Published
  • 2024-02-10 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf 2024-01-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microchip
Search vendor "Microchip"
 Maxview Storage Manager
Search vendor "Microchip" for product "Maxview Storage Manager"
 < 4.14.00.26068
Search vendor "Microchip" for product "Maxview Storage Manager" and version " < 4.14.00.26068"
windows
Affected
in Siemens
Search vendor "Siemens"
 Simatic Ipc1047e
Search vendor "Siemens" for product "Simatic Ipc1047e"
--
Safe
Microchip
Search vendor "Microchip"
 Maxview Storage Manager
Search vendor "Microchip" for product "Maxview Storage Manager"
 < 4.14.00.26068
Search vendor "Microchip" for product "Maxview Storage Manager" and version " < 4.14.00.26068"
windows
Affected
in Siemens
Search vendor "Siemens"
 Simatic Ipc647e
Search vendor "Siemens" for product "Simatic Ipc647e"
--
Safe
Microchip
Search vendor "Microchip"
 Maxview Storage Manager
Search vendor "Microchip" for product "Maxview Storage Manager"
 < 4.14.00.26068
Search vendor "Microchip" for product "Maxview Storage Manager" and version " < 4.14.00.26068"
windows
Affected
in Siemens
Search vendor "Siemens"
 Simatic Ipc847e
Search vendor "Siemens" for product "Simatic Ipc847e"
--
Safe