CVE-2023-23588: Infoleak
First published: Tue Apr 11 2023(Updated: )
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Siemens Simatic Ipc647d Firmware | ||
| Siemens Simatic Ipc647d | ||
| All of | ||
| Siemens Simatic Ipc847d Firmware | ||
| Siemens Simatic Ipc847d | ||
| All of | ||
| Siemens Simatic Ipc1047 Firmware | ||
| Siemens Simatic Ipc1047 | ||
| All of | ||
| Microchip Maxview Storage Manager | <4.09.00.25611 | |
| Any of | ||
| Siemens Simatic Ipc1047e | ||
| Siemens Simatic Ipc647e | ||
| Siemens Simatic Ipc847e | ||
| Siemens Simatic Ipc647d Firmware | ||
| Siemens Simatic Ipc647d | ||
| Siemens Simatic Ipc847d Firmware | ||
| Siemens Simatic Ipc847d | ||
| <4.09.00.25611 | ||
| Siemens Simatic Ipc647e | ||
| Siemens Simatic Ipc847e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-23588?
The severity of CVE-2023-23588 is medium with a CVSS score of 6.3.
Which software versions are affected by CVE-2023-23588?
SIMATIC IPC1047, SIMATIC IPC1047E, SIMATIC IPC647D, SIMATIC IPC647E, and SIMATIC IPC847D versions with maxView Storage Manager < 4.09.00.25611 on Windows are affected.
What is the vulnerability description of CVE-2023-23588?
CVE-2023-23588 is a vulnerability that has been identified in SIMATIC IPC1047, SIMATIC IPC1047E, SIMATIC IPC647D, SIMATIC IPC647E, and SIMATIC IPC847D. It allows an attacker to bypass security mechanisms and perform unauthorized actions.
How can I fix CVE-2023-23588?
To fix CVE-2023-23588, it is recommended to update the maxView Storage Manager to version 4.09.00.25611 or later.
Where can I find more information about CVE-2023-23588?
More information about CVE-2023-23588 can be found in the Siemens ProductCERT advisory at the following link: [Siemens ProductCERT advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic ipc647d firmware
- canonical/siemens simatic ipc647d
- canonical/siemens simatic ipc847d firmware
- canonical/siemens simatic ipc847d
- vendor/microsemi
- canonical/siemens simatic ipc647e
- canonical/siemens simatic ipc847e
- canonical/siemens simatic ipc1047 firmware
- canonical/siemens simatic ipc1047
- vendor/microchip
- canonical/microchip maxview storage manager
- canonical/siemens simatic ipc1047e