CVE-2023-23588 — MEDIUM (6.2)

Q: How severe is CVE-2023-23588?

CVE-2023-23588 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-23588?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Ipc647D Firmware, Siemens Simatic Ipc647D, Siemens Simatic Ipc847D Firmware, Siemens Simatic Ipc847D, Siemens Simatic Ipc1047 Firmware.

Vulnerability Description

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Simatic Ipc647D Firmware	All versions
Siemens	Simatic Ipc647D	-
Siemens	Simatic Ipc847D Firmware	All versions
Siemens	Simatic Ipc847D	-
Siemens	Simatic Ipc1047 Firmware	All versions
Siemens	Simatic Ipc1047	-
Microchip	Maxview Storage Manager	< 4.09.00.25611
Siemens	Simatic Ipc1047E	-
Siemens	Simatic Ipc647E	-
Siemens	Simatic Ipc847E	-

Related Weaknesses (CWE)

CWE-295 CWE-200

References

https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdfVendor Advisory

FAQ

What is CVE-2023-23588?

CVE-2023-23588 is a vulnerability with a CVSS score of 6.2 (MEDIUM). A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC ...

How severe is CVE-2023-23588?

CVE-2023-23588 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-23588?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Ipc647D Firmware, Siemens Simatic Ipc647D, Siemens Simatic Ipc847D Firmware, Siemens Simatic Ipc847D, Siemens Simatic Ipc1047 Firmware.