VDB
ICSA-23-103-01
ICSA-23-103-01
PUBLISHED
CVSS 6.199999809265137 MEDIUM
The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. Adaptec has released updates for the affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
Risk Scores
CVSS 3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC IPC1047E | ||
| SIMATIC IPC1047 | ||
| SIMATIC IPC647E | ||
| SIMATIC IPC847D | ||
| SIMATIC IPC847E | ||
| SIMATIC IPC647D |
Timeline
- Apr 11, 2023 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-511182.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-511182.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-511182.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-103-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/ fix