CVE-2023-27409

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions prior to V2.1

Description A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named address. The vulnerability is related to incorrect restriction of directory path names with limited access, which may allow a remote attacker to gain unauthorized access to protected information.

Recommendations For SCALANCE LPE9403 versions prior to V2.1, update to version V2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the deviceinfo binary and the mac parameter to minimize the risk of exploitation.