CVE-2023-48428

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:sinec_ins::::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp2::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1::::::

History

14 Dec 2023, 19:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:siemens:sinec_ins:1.0:sp2:::::: cpe:2.3:a:siemens:sinec_ins:1.0:sp1:::::: cpe:2.3:a:siemens:sinec_ins:1.0:-:::::: cpe:2.3:a:siemens:sinec_ins:::::::: cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1::::::
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf -~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf - Patch, Vendor Advisory

12 Dec 2023, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-12 12:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-48428

Mitre link : CVE-2023-48428

CVE.ORG link : CVE-2023-48428

JSON object : View

Products Affected

siemens

sinec_ins

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-48428", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-12-12T12:15:14.873", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). El mecanismo de configuraci\u00f3n de radio de los productos afectados no verifica correctamente los certificados cargados. Un administrador malintencionado podr\u00eda cargar un certificado manipulado, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio o podr\u00eda emitir comandos a nivel del sistema."}], "lastModified": "2023-12-14T19:38:27.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}