First published: Tue Jan 09 2024(Updated: )
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Microchip MAXVIEW Storage Manager | <4.14.00.26068 | |
Any of | ||
Siemens SIMATIC IPC1047E | ||
Siemens Simatic IPC647E Firmware | ||
Siemens Simatic IPC847E Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-51438 has been classified with a medium severity level due to potential unauthorized access risks.
To fix CVE-2023-51438, update the MaxView Storage Manager to version 4.14.00.26068 or above.
CVE-2023-51438 affects Siemens SIMATIC IPC1047E, IPC647E, and IPC847E models with MaxView Storage Manager versions lower than 4.14.00.26068.
Currently, there are no documented workarounds for CVE-2023-51438; updating software is the advised course of action.
The impact of CVE-2023-51438 may lead to unauthorized access, compromising the integrity and confidentiality of data on affected systems.