CVE-2023-27409

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

History

15 May 2023, 18:45

Type	Values Removed	Values Added
References	~~(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf -~~	(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~2.5~~	v2 : unknown v3 : 3.3
First Time		Siemens scalance Lpe9403 Siemens Siemens scalance Lpe9403 Firmware
CPE		cpe:2.3:o:siemens:scalance_lpe9403_firmware:::::::: cpe:2.3:h:siemens:scalance_lpe9403:-:::::::*

09 May 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-09 13:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-27409

Mitre link : CVE-2023-27409

CVE.ORG link : CVE-2023-27409

JSON object : View

Products Affected

siemens

scalance_lpe9403_firmware
scalance_lpe9403

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

3.3 /10