CVE-2023-48427

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*

History

14 Dec 2023, 20:07

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-12 12:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-48427

Mitre link : CVE-2023-48427

CVE.ORG link : CVE-2023-48427


JSON object : View

Products Affected

siemens

  • sinec_ins
CWE
CWE-295

Improper Certificate Validation