A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.
A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
11 Jan 2024, 14:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microchip maxview Storage Manager
Microchip |
|
CPE | cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:* |
19 Apr 2023, 20:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens simatic Ipc1047e
Siemens simatic Ipc847d Microsemi maxview Storage Manager Microsemi Siemens simatic Ipc1047 Firmware Siemens simatic Ipc647e Siemens simatic Ipc647d Siemens simatic Ipc1047 Siemens simatic Ipc847e Siemens simatic Ipc647d Firmware Siemens Siemens simatic Ipc847d Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CWE | CWE-295 | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf - Vendor Advisory | |
CPE | cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:* cpe:2.3:a:microsemi:maxview_storage_manager:*:*:*:*:*:windows:*:* cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc1047_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc1047:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:* |
11 Apr 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 10:15
Updated : 2024-01-11 14:31
NVD link : CVE-2023-23588
Mitre link : CVE-2023-23588
CVE.ORG link : CVE-2023-23588
JSON object : View
Products Affected
microchip
- maxview_storage_manager
siemens
- simatic_ipc647d
- simatic_ipc1047_firmware
- simatic_ipc647d_firmware
- simatic_ipc647e
- simatic_ipc1047e
- simatic_ipc847d_firmware
- simatic_ipc847d
- simatic_ipc847e
- simatic_ipc1047