CVE-2023-51438

Published: Jan 9, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Affected (1)

Products: Microchip: Maxview Storage Manager

1 product

Maxview Storage Manager

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Microchip Maxview Storage Manager	Before 4.14.00.26068

Running on/with	Platform Versions
Siemens Simatic Ipc1047e	All versions
Siemens Simatic Ipc647e	All versions
Siemens Simatic Ipc847e	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.