CVE-2023-27407: OS Command Injection
First published: Tue May 09 2023(Updated: )
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| siemens scalance lpe9403 firmware | <2.1 | |
| siemens scalance lpe9403 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-27407?
The severity of CVE-2023-27407 is critical with a severity value of 9.9.
What is the affected software of CVE-2023-27407?
The affected software of CVE-2023-27407 is SCALANCE LPE9403 firmware versions below 2.1.
What is the vulnerability type of CVE-2023-27407?
The vulnerability type of CVE-2023-27407 is command injection.
How does CVE-2023-27407 affect the device?
CVE-2023-27407 allows an authenticated remote attacker to access the underlying operating system of the affected device.
Is SCALANCE LPE9403 version 2.1 vulnerable to CVE-2023-27407?
No, SCALANCE LPE9403 version 2.1 is not vulnerable to CVE-2023-27407.
- agent/weakness
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/siemens
- canonical/siemens scalance lpe9403 firmware
- canonical/siemens scalance lpe9403