First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SINEC Ins | <1.0 | |
Siemens SINEC Ins | =1.0 | |
Siemens SINEC Ins | =1.0-sp1 | |
Siemens SINEC Ins | =1.0-sp2 | |
Siemens SINEC Ins | =1.0-sp2_update_1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-48427 has been classified as critical due to its potential to allow attackers to intercept sensitive credentials.
To fix CVE-2023-48427, upgrade to Siemens SINEC INS version 1.0 SP2 Update 2 or later.
All versions of Siemens SINEC INS prior to 1.0 SP2 Update 2 are affected by CVE-2023-48427.
CVE-2023-48427 could enable man-in-the-middle attacks where an attacker may intercept and manipulate credentials sent to the UMC server.
No official workaround exists for CVE-2023-48427, and the best course of action is to apply the available updates.