CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c
mutex file is created with the permissions bits of -rw-rw-rw-
. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_lpe9403_firmware | * | cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:* |
siemens | scalance_lpe9403 | - | cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:* |
[
{
"vendor": "Siemens",
"product": "SCALANCE LPE9403",
"versions": [
{
"version": "All versions < V2.1",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]