ID

VAR-202312-0205


CVE

CVE-2023-48430


DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

Trust: 1.0

sources: NVD: CVE-2023-48430

AFFECTED PRODUCTS

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

sources: NVD: CVE-2023-48430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48430
value: LOW

Trust: 1.0

productcert@siemens.com: CVE-2023-48430
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2023-48430
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-48430 // NVD: CVE-2023-48430

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-392

Trust: 1.0

sources: NVD: CVE-2023-48430

EXTERNAL IDS

db:SIEMENSid:SSA-077170

Trust: 1.0

db:NVDid:CVE-2023-48430

Trust: 1.0

sources: NVD: CVE-2023-48430

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf

Trust: 1.0

sources: NVD: CVE-2023-48430

SOURCES

db:NVDid:CVE-2023-48430

LAST UPDATE DATE

2024-08-14T12:45:16.918000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-48430date:2023-12-14T19:37:28.207

SOURCES RELEASE DATE

db:NVDid:CVE-2023-48430date:2023-12-12T12:15:15.433