PT-2023-2628 · Siemens · Scalance Lpe9403

Published

2023-05-09

Updated

2023-05-15

CVE-2023-27407

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions prior to V2.1

Description A vulnerability has been identified in the web-based management of the affected device, which does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

Recommendations For versions prior to V2.1, update to version V2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the vulnerable web-based management interface until the issue is resolved.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2023-02468

CVE-2023-27407

Affected Products

Scalance Lpe9403

PT-2023-2628 · Siemens · Scalance Lpe9403

CVE-2023-27407

Weakness Enumeration

Related Identifiers

Affected Products

References · 5