CVE-2023-23588
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application.
A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
Overview
- CVE ID: CVE-2023-23588
- Assigner: productcert@siemens.com
- Vulnerability Status: Analyzed
- Published Version: 2023-04-11T10:15:18
- Last Modified Date: 2023-04-19T20:00:49
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:siemens:simatic_ipc1047_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:siemens:simatic_ipc1047:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:a:microsemi:maxview_storage_manager:*:*:*:*:*:windows:*:* | 1 | OR | 4.09.00.25611 | |
cpe:2.3:h:siemens:simatic_ipc1047e:-:*:*:*:*:*:*:* | 0 | OR | ||
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:* | 0 | OR | ||
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-23588 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23588 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 04:29:33 | Added to TrackCVE | |||
2023-04-17 04:29:36 | Weakness Enumeration | new | ||
2023-04-18 12:00:14 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-04-19 21:00:51 | 2023-04-19T20:00:49 | CVE Modified Date | updated | |
2023-04-19 21:00:51 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-04-19 21:00:56 | Weakness Enumeration | update | ||
2023-04-19 21:00:57 | CPE Information | updated |