ID

VAR-202312-0208


CVE

CVE-2023-48431


DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).

Trust: 1.0

sources: NVD: CVE-2023-48431

AFFECTED PRODUCTS

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

sources: NVD: CVE-2023-48431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48431
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-48431
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-48431
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-48431
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-48431 // NVD: CVE-2023-48431

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.0

sources: NVD: CVE-2023-48431

EXTERNAL IDS

db:SIEMENSid:SSA-077170

Trust: 1.0

db:NVDid:CVE-2023-48431

Trust: 1.0

sources: NVD: CVE-2023-48431

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf

Trust: 1.0

sources: NVD: CVE-2023-48431

SOURCES

db:NVDid:CVE-2023-48431

LAST UPDATE DATE

2024-08-14T12:59:56.343000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-48431date:2023-12-14T19:37:00.257

SOURCES RELEASE DATE

db:NVDid:CVE-2023-48431date:2023-12-12T12:15:15.777