PT-2024-1007 · Siemens · Simatic Ipc847E+3
Published: 2024-01-09 · Updated: 2024-01-17
CVE-2023-51438
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC IPC1047E versions with maxView Storage Manager prior to V4.14.00.26068
SIMATIC IPC647E versions with maxView Storage Manager prior to V4.14.00.26068
SIMATIC IPC847E versions with maxView Storage Manager prior to V4.14.00.26068
Description
A vulnerability has been identified in the maxView Storage Manager of SIMATIC IPC devices, which can provide unauthorized access when the Redfish server is configured for remote system management. The issue is related to errors in processing input data, allowing a remote attacker to gain full unauthorized access to the device.
Recommendations
For SIMATIC IPC1047E with maxView Storage Manager prior to V4.14.00.26068, update maxView Storage Manager to version V4.14.00.26068 or later.
For SIMATIC IPC647E with maxView Storage Manager prior to V4.14.00.26068, update maxView Storage Manager to version V4.14.00.26068 or later.
For SIMATIC IPC847E with maxView Storage Manager prior to V4.14.00.26068, update maxView Storage Manager to version V4.14.00.26068 or later.
As a temporary workaround, consider disabling the Redfish server for remote system management until the maxView Storage Manager is updated.
Fix
RCE
Affected Products
Simatic Ipc1047E
Simatic Ipc647E
Simatic Ipc847E
Maxview Storage Manager