Path Traversal Vulnerability in SCALANCE LPE9403 by Siemens
CVE-2023-27409

2.5 LOW

Key Information:

Vendor: Siemens
CVE Published: 9 May 2023

Summary

A security vulnerability has been discovered in SCALANCE LPE9403 devices where a path traversal issue exists within the deviceinfo binary. By manipulating the mac parameter, an authenticated attacker with SSH access could potentially read the contents of sensitive files, such as those named 'address'. This flaw highlights the importance of securing SSH interfaces to prevent unauthorized file access and protect sensitive configurations.

Affected Version(s)

SCALANCE LPE9403 All versions < V2.1

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
