Mutex File Permission Flaw in SCALANCE LPE9403 by Siemens
CVE-2023-27408

3.3LOW

Key Information:

Vendor: Siemens
Status: Scalance Lpe9403
Vendor: CVE Published:; 9 May 2023

Summary

A vulnerability in the SCALANCE LPE9403 involves a mutex file, identified as i2c, which is set with overly permissive permissions of -rw-rw-rw-. This weak configuration allows an authenticated attacker, who has access to the device's SSH interface, to manipulate the mutex, potentially compromising the integrity of the mutex and any data it safeguards. Such interference could lead to unauthorized access or modification of critical data handled by applications interacting with the i2c subsystem.

Affected Version(s)

SCALANCE LPE9403 All versions < V2.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-32538...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 1, 2023