SSA-511182 PUBLISHED CVSS 6.2 MEDIUM

The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard-coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. Adaptec has released updates for the affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet, available.

Risk Scores

CVSS v3.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Affected Products

Vendor | Product | Versions
SIMATIC IPC847E
SIMATIC IPC1047E
SIMATIC IPC647E
SIMATIC IPC1047
SIMATIC IPC647D
SIMATIC IPC847D
