CVE-2023-45793Incorrect Authorization in Siemens Siveillance Control

CWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 76.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Siveillance Control
Timeline
PublishedMar 12

Description

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5siemens/siveillance_controlV2.8V3.1.1
NVDsiemens/siveillance_control2.83.1.1

🔴Vulnerability Details

2
CVEList
CVE-2023-45793: A vulnerability has been identified in Siveillance Control (All versions >= V22024-03-12
GHSA
GHSA-4qph-whwp-xm7r: A vulnerability has been identified in Siveillance Control (All versions >= V22024-03-12
CVE-2023-45793 — Incorrect Authorization in Siemens | cvebase