PT-2023-30850 · Siemens · Sinec Ins
Published
2023-12-12
·
Updated
2023-12-14
·
CVE-2023-48431
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SINEC INS versions prior to V1.0 SP2 Update 2
Description
A vulnerability has been identified in the affected software, where it does not correctly validate the response received by a UMC server. This can be exploited by an attacker to crash the affected software by either providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server.
Recommendations
For versions prior to V1.0 SP2 Update 2, update to V1.0 SP2 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the UMC server to minimize the risk of exploitation.
Fix
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sinec Ins