Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-48427

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.

Published

2023-12-12T12:15:14.677

Last Modified

2024-11-21T08:31:42.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-295
Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	sinec_ins	< 1.0	Yes
Application	siemens	sinec_ins	1.0	Yes
Application	siemens	sinec_ins	1.0	Yes
Application	siemens	sinec_ins	1.0	Yes
Application	siemens	sinec_ins	1.0	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)