Vulnerability Description
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance Lpe9403 Firmware | < 2.1 |
| Siemens | Scalance Lpe9403 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdfVendor Advisory
FAQ
What is CVE-2023-27408?
CVE-2023-27408 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple appl...
How severe is CVE-2023-27408?
CVE-2023-27408 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27408?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Lpe9403 Firmware, Siemens Scalance Lpe9403.