ID

VAR-202312-0209


CVE

CVE-2023-48429


DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.

Trust: 1.0

sources: NVD: CVE-2023-48429

AFFECTED PRODUCTS

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

sources: NVD: CVE-2023-48429

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-48429
value: LOW

Trust: 1.0

productcert@siemens.com: CVE-2023-48429
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-48429

PROBLEMTYPE DATA

problemtype:CWE-394

Trust: 1.0

problemtype:CWE-754

Trust: 1.0

sources: NVD: CVE-2023-48429

EXTERNAL IDS

db:SIEMENSid:SSA-077170

Trust: 1.0

db:NVDid:CVE-2023-48429

Trust: 1.0

sources: NVD: CVE-2023-48429

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf

Trust: 1.0

sources: NVD: CVE-2023-48429

SOURCES

db:NVDid:CVE-2023-48429

LAST UPDATE DATE

2024-08-14T12:52:11.300000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-48429date:2023-12-14T19:37:51.017

SOURCES RELEASE DATE

db:NVDid:CVE-2023-48429date:2023-12-12T12:15:15.083