Details of VAR-202312-0207

ID

VAR-202312-0207

CVE

CVE-2023-48427

TITLE

Siemens' SINEC INS Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. Siemens' SINEC INS Exists in a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-48427 // JVNDB: JVNDB-2023-019617

AFFECTED PRODUCTS

vendor:	siemens	model:	sinec ins	scope:	eq	version:	1.0	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	lt	version:	1.0	Trust: 1.0
vendor:	シーメンス	model:	sinec ins	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec ins	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec ins	scope:	eq	version:	1.0	Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-48427
value:	CRITICAL
Trust: 1.0
productcert@siemens.com:	CVE-2023-48427
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-48427
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2023-48427
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2023-48427
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-48427
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427 // NVD: CVE-2023-48427

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

EXTERNAL IDS

db:	NVD	id:	CVE-2023-48427	Trust: 2.6
db:	SIEMENS	id:	SSA-077170	Trust: 1.8
db:	ICS CERT	id:	ICSA-23-348-16	Trust: 0.8
db:	JVN	id:	JVNVU98271228	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-019617	Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu98271228/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48427	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-16	Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

SOURCES

db:	JVNDB	id:	JVNDB-2023-019617
db:	NVD	id:	CVE-2023-48427

LAST UPDATE DATE

2024-08-14T12:09:22.349000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-019617	date:	2024-01-15T02:20:00
db:	NVD	id:	CVE-2023-48427	date:	2023-12-14T20:07:17.240

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-019617	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-48427	date:	2023-12-12T12:15:14.677