PT-2023-9653 · Microsemi+1 · Adaptec Maxview+4
Published: 2023-04-11 · Updated: 2024-01-11
CVE-2023-23588
CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SIMATIC IPC1047 versions prior to 4.09.00.25611
SIMATIC IPC1047E versions prior to 4.09.00.25611
SIMATIC IPC647D versions prior to 4.09.00.25611
SIMATIC IPC647E versions prior to 4.09.00.25611
SIMATIC IPC847D versions prior to 4.09.00.25611
SIMATIC IPC847E versions prior to 4.09.00.25611
Description
The issue is related to the use of a non-unique TLS certificate in the Adaptec Maxview application on affected devices. This could allow a local attacker to decrypt intercepted local traffic between the browser and the application and perform a man-in-the-middle attack to modify data in transit.
Recommendations
For SIMATIC IPC1047, update maxView Storage Manager to version 4.09.00.25611 or later.
For SIMATIC IPC1047E, update maxView Storage Manager to version 4.09.00.25611 or later.
For SIMATIC IPC647D, update maxView Storage Manager to version 4.09.00.25611 or later.
For SIMATIC IPC647E, update maxView Storage Manager to version 4.09.00.25611 or later.
For SIMATIC IPC847D, update maxView Storage Manager to version 4.09.00.25611 or later.
For SIMATIC IPC847E, update maxView Storage Manager to version 4.09.00.25611 or later.
Fix
Information Disclosure
Improper Certificate Validation
Affected Products
Adaptec Maxview
SIMATIC IPC1047E
SIMATIC IPC647E
SIMATIC IPC847E
maxView Storage Manager