CVE-2023-27407

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions prior to V2.1

Description A vulnerability has been identified in the web-based management of the affected device, which does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

Recommendations For versions prior to V2.1, update to version V2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the vulnerable web-based management interface until the issue is resolved.