Siemens SINEC INS up to 1.0 SP2 Update 1 Request status code
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.6 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Siemens SINEC INS up to 1.0 SP2 Update 1. Affected by this issue is some unknown functionality of the component Request Handler. Performing a manipulation results in status code. This vulnerability is known as CVE-2023-48429. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.
Details
A vulnerability classified as problematic has been found in Siemens SINEC INS up to 1.0 SP2 Update 1. This affects an unknown code of the component Request Handler. The manipulation with an unknown input leads to a status code vulnerability. CWE is classifying the issue as CWE-394. The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product. This is going to have an impact on availability. The summary by CVE is:
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.
The weakness was published 12/12/2023 as ssa-077170. The advisory is shared at cert-portal.siemens.com. This vulnerability is uniquely identified as CVE-2023-48429 since 11/16/2023. Neither technical details nor an exploit are publicly available.
Applying the patch 1.0 SP2 Update 2 is able to eliminate this problem.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.siemens.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 2.7VulDB Meta Temp Score: 2.7
VulDB Base Score: 2.7
VulDB Temp Score: 2.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 2.7
CNA Vector (Siemens AG): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Status codeCWE: CWE-394 / CWE-393
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: 1.0 SP2 Update 2
Timeline
11/16/2023 🔍12/12/2023 🔍
12/12/2023 🔍
12/12/2023 🔍
Sources
Vendor: siemens.comAdvisory: ssa-077170
Status: Confirmed
CVE: CVE-2023-48429 (🔍)
GCVE (CVE): GCVE-0-2023-48429
GCVE (VulDB): GCVE-100-247545
Entry
Created: 12/12/2023 13:29Changes: 12/12/2023 13:29 (50)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.