Lucene search

SiemensCVELIST:CVE-2023-27409

HistoryMay 09, 2023 - 11:51 a.m.

CVE-2023-27409

2023-05-0911:51:24

CWE-22

siemens

www.cve.org

vulnerability

scalance lpe9403

path traversal

mac parameter

ssh interface

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

AI Score

3.9

Confidence

High

EPSS

Percentile

10.5%

JSON

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named address.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE LPE9403",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

AI Score

3.9

Confidence

High

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2023-27409