CVE-2023-27407 — Command Injection in Siemens Scalance Lpe9403 Firmware

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

9.9CRITICALNVD

EPSS

1.0%

top 22.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance Lpe9403 Firmware Siemens Scalance Lpe9403

Timeline

PublishedMay 9

Description

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶NVDsiemens/scalance_lpe9403_firmware< 2.1

▶CVEListV5siemens/scalance_lpe9403All versions < V2.1

🔴Vulnerability Details

CVEList

CVE-2023-27407: A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2↗2023-05-09

▶

GHSA

GHSA-p7q5-cvw2-cc4p: A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2↗2023-05-09

▶