Details of VAR-202305-0436

ID

VAR-202305-0436

CVE

CVE-2023-27408

TITLE

Siemens' SCALANCE LPE9403 Vulnerability related to temporary file creation with access permissions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-009650

DESCRIPTION

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects. Siemens' SCALANCE LPE9403 There is a vulnerability in the firmware related to temporary file creation with access permissions.Information may be tampered with. Siemens SCALANCE LPE9403 is a local processing driver

Trust: 2.25

sources: NVD: CVE-2023-27408 // JVNDB: JVNDB-2023-009650 // CNVD: CNVD-2023-35766 // VULMON: CVE-2023-27408

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-35766

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance lpe9403	scope:	lt	version:	2.1	Trust: 1.0
vendor:	シーメンス	model:	scalance lpe9403	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance lpe9403	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance lpe9403	scope:	eq	version:	scalance lpe9403 firmware 2.1	Trust: 0.8
vendor:	siemens	model:	scalance lpe9403	scope:	lt	version:	v2.1	Trust: 0.6

sources: CNVD: CNVD-2023-35766 // JVNDB: JVNDB-2023-009650 // NVD: CVE-2023-27408

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-27408
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2023-009650
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-35766
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202305-653
value:	LOW
Trust: 0.6

CNVD:	CNVD-2023-35766
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-27408
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-009650
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-35766 // JVNDB: JVNDB-2023-009650 // CNNVD: CNNVD-202305-653 // NVD: CVE-2023-27408

PROBLEMTYPE DATA

problemtype:	CWE-378	Trust: 1.0
problemtype:	Creating temporary files with inappropriate access permissions (CWE-378) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-009650 // NVD: CVE-2023-27408

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202305-653

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-653

PATCH

title:	Patch for Siemens SCALANCE LPE9403 has an unknown vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/424731	Trust: 0.6
title:	Siemens SCALANCE Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=236525	Trust: 0.6

sources: CNVD: CNVD-2023-35766 // CNNVD: CNNVD-202305-653

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27408	Trust: 3.9
db:	SIEMENS	id:	SSA-325383	Trust: 3.1
db:	JVN	id:	JVNVU98195668	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-131-06	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-009650	Trust: 0.8
db:	CNVD	id:	CNVD-2023-35766	Trust: 0.6
db:	CNNVD	id:	CNNVD-202305-653	Trust: 0.6
db:	VULMON	id:	CVE-2023-27408	Trust: 0.1

sources: CNVD: CNVD-2023-35766 // VULMON: CVE-2023-27408 // JVNDB: JVNDB-2023-009650 // CNNVD: CNNVD-202305-653 // NVD: CVE-2023-27408

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27408	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98195668/	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-06	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-325383.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-27408/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/378.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-35766 // VULMON: CVE-2023-27408 // JVNDB: JVNDB-2023-009650 // CNNVD: CNNVD-202305-653 // NVD: CVE-2023-27408

SOURCES

db:	CNVD	id:	CNVD-2023-35766
db:	VULMON	id:	CVE-2023-27408
db:	JVNDB	id:	JVNDB-2023-009650
db:	CNNVD	id:	CNNVD-202305-653
db:	NVD	id:	CVE-2023-27408

LAST UPDATE DATE

2024-08-14T12:47:07.730000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-35766	date:	2023-05-10T00:00:00
db:	VULMON	id:	CVE-2023-27408	date:	2023-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2023-009650	date:	2023-12-06T05:17:00
db:	CNNVD	id:	CNNVD-202305-653	date:	2023-05-11T00:00:00
db:	NVD	id:	CVE-2023-27408	date:	2023-05-15T18:46:34.533

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-35766	date:	2023-05-10T00:00:00
db:	VULMON	id:	CVE-2023-27408	date:	2023-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2023-009650	date:	2023-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202305-653	date:	2023-05-09T00:00:00
db:	NVD	id:	CVE-2023-27408	date:	2023-05-09T13:15:16.727