CVE-2023-48431

2023-12-1212:15:15

CWE-754

[email protected]

web.nvd.nist.gov

cve-2023-48431

sinec ins

umc server

malicious

traffic manipulation

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.7%

JSON

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).

Affected configurations

Nvd

Node

siemenssinec_insRange<1.0

siemenssinec_insMatch1.0-

siemenssinec_insMatch1.0sp1

siemenssinec_insMatch1.0sp2

siemenssinec_insMatch1.0sp2_update_1

VendorProductVersionCPE
siemenssinec_ins*cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
siemenssinec_ins1.0cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
siemenssinec_ins1.0cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
siemenssinec_ins1.0cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
siemenssinec_ins1.0cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinec_ins	*	cpe:2.3:a:siemens:sinec_ins::::::::
siemens	sinec_ins	1.0	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
siemens	sinec_ins	1.0	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
siemens	sinec_ins	1.0	cpe:2.3:a:siemens:sinec_ins:1.0:sp2::::::
siemens	sinec_ins	1.0	cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1::::::