ID

VAR-202312-0207


CVE

CVE-2023-48427


TITLE

Certificate validation vulnerability in Siemens' SINEC INS

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. Siemens' SINEC INS contains a certificate validation vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2023-48427 // JVNDB: JVNDB-2023-019617

AFFECTED PRODUCTS

vendor: siemens, model: sinec ins, scope: eq, version: 1.0

Trust: 1.0

vendor: siemens, model: sinec ins, scope: lt, version: 1.0

Trust: 1.0

vendor: シーメンス, model: sinec ins, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: eq, version: 1.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48427
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2023-48427
value: HIGH

Trust: 1.0

NVD: CVE-2023-48427
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2023-48427
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-48427
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-48427
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427 // NVD: CVE-2023-48427

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.0

problemtype: Improper certificate validation (CWE-295) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

EXTERNAL IDS

db: NVD, id: CVE-2023-48427

Trust: 2.6

db: SIEMENS, id: SSA-077170

Trust: 1.8

db: ICS CERT, id: ICSA-23-348-16

Trust: 0.8

db: JVN, id: JVNVU98271228

Trust: 0.8

db: JVNDB, id: JVNDB-2023-019617

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf

Trust: 1.8

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-48427

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-16

Trust: 0.8

sources: JVNDB: JVNDB-2023-019617 // NVD: CVE-2023-48427

SOURCES

db: JVNDB, id: JVNDB-2023-019617
db: NVD, id: CVE-2023-48427

LAST UPDATE DATE

2024-08-14T12:09:22.349000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-019617, date: 2024-01-15T02:20:00
db: NVD, id: CVE-2023-48427, date: 2023-12-14T20:07:17.240

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-019617, date: 2024-01-15T00:00:00
db: NVD, id: CVE-2023-48427, date: 2023-12-12T12:15:14.677