CVE-2023-51438
published 2024-01-09
CVE-2023-51438: A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions…
Priority P357 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.3th percentile)
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microchip | maxview_storage_manager | < 4.14.00.26068 | 4.14.00.26068 |
| siemens | simatic_ipc1047e | — | — |
| siemens | simatic_ipc647e | — | — |
| siemens | simatic_ipc847e | — | — |
CISA ICS
Siemens SIMATIC
cisa_ics·2024-01-11·CVSS 10.0
[CRITICAL] Siemens SIMATIC
ICS Advisory
## Siemens SIMATIC
Release Date: January 11, 2024
Alert Code: ICSA-24-011-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain remote unauthorized access.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PROD
GHSA
GHSA-r573-6cpv-hcwq: A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4
ghsa_unreviewed·2024-01-09
CVE-2023-51438 [CRITICAL] CWE-20 GHSA-r573-6cpv-hcwq: A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-09