CVE-2023-27408

CWE-3783 documents3 sources

Severity

3.3LOW

EPSS

0.0%

top 89.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance Lpe9403 Firmware Siemens Scalance Lpe9403

Timeline

PublishedMay 9

Description

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/scalance_lpe9403_firmware< 2.1

▶CVEListV5siemens/scalance_lpe9403All versions < V2.1

🔴Vulnerability Details

CVEList

CVE-2023-27408: A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2↗2023-05-09

▶

GHSA

GHSA-49r4-q83q-h2wr: A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2↗2023-05-09

▶