VDB
CVE-2023-27407
CVE-2023-27407
PUBLISHED
CVSS 9.899999618530273 CRITICAL
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.
EPSS 1.18% · 79.1th percentile
Risk Scores
CVSS v3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.18%
79.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SCALANCE LPE9403 | All versions < V2.1 |
| siemens | scalance_lpe9403_firmware | 0, 0 |
Timeline
- May 9, 2023 CVE Published
- May 10, 2023 EPSS Score
- Jun 16, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Oct 4, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 22, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Jul 23, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-516174.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-789345.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-555292.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-892048.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-325383.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-932528.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-473245.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-27407 advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf url