A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NMicrochip Maxview Storage Manager
APPMicrochip< 4.09.00.25611Siemens Simatic Ipc1047
HWSiemenswszystkie wersjeSiemens Simatic Ipc1047e
HWSiemenswszystkie wersjeSiemens Simatic Ipc1047 Firmware
OSSiemenswszystkie wersjeSiemens Simatic Ipc647d
HWSiemenswszystkie wersjeSiemens Simatic Ipc647d Firmware
OSSiemenswszystkie wersjeSiemens Simatic Ipc647e
HWSiemenswszystkie wersjeSiemens Simatic Ipc847d
HWSiemenswszystkie wersjeSiemens Simatic Ipc847d Firmware
OSSiemenswszystkie wersjeSiemens Simatic Ipc847e
HWSiemenswszystkie wersje
Powiązane podatności
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel A...
Nieautoryzowany dostęp w maxView Storage Manager via Redfish Server
Nieautoryzowany dostęp w Microchip maxView Storage Manager przez serwer Redfish
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that u...
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located ...