Vulnerability Details : CVE-2023-27408
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.
Products affected by CVE-2023-27408
- cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-27408
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 14 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-27408
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
1.8
|
1.4
|
Siemens AG |
CWE ids for CVE-2023-27408
-
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.Assigned by: productcert@siemens.com (Primary)
References for CVE-2023-27408
-
https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf
Vendor Advisory
Jump to