PT-2023-8055 · Siemens · Sinec Ins

Published

2023-12-12

Updated

2023-12-14

CVE-2023-48427

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SINEC INS versions prior to V1.0 SP2 Update 2

Description The issue is related to errors in the certificate authentication procedure of the SINEC INS web interface, which could allow a remote attacker to intercept requests sent to the UMC server and potentially escalate privileges by manipulating responses. The affected products do not properly validate the certificate of the configured UMC server.

Recommendations For versions prior to V1.0 SP2 Update 2, update to V1.0 SP2 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the UMC server to minimize the risk of exploitation. Avoid using the vulnerable web interface until the issue is resolved.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2024-00032

CVE-2023-48427

Affected Products

Sinec Ins

PT-2023-8055 · Siemens · Sinec Ins

CVE-2023-48427

Weakness Enumeration

Related Identifiers

Affected Products

References · 7