SSA-511182
PUBLISHED
CVSS 6.2 MEDIUM
The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard-coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. Adaptec has released updates for the affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet, available.
Risk Scores
CVSS 3.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIMATIC IPC847E | |
| | SIMATIC IPC1047E | |
| | SIMATIC IPC647E | |
| | SIMATIC IPC1047 | |
| | SIMATIC IPC647D | |
| | SIMATIC IPC847D | |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-511182.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-511182.json (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf (circl)
- https://cert-portal.siemens.com/productcert/txt/ssa-511182.txt (circl)
- https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/ (circl)
Timeline
- CVE Published
References
- https://cert-portal.siemens.com/productcert/html/ssa-511182.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-511182.json advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-511182.txt advisory
- https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/ fix