CVE-2023-51438

Summary

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC IPC1047EAll versions with maxView Storage Manager < V4.14.00.26068 on Windowsaffected
SiemensSIMATIC IPC647EAll versions with maxView Storage Manager < V4.14.00.26068 on Windowsaffected
SiemensSIMATIC IPC847EAll versions with maxView Storage Manager < V4.14.00.26068 on Windowsaffected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References