CVE-2023-48429

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 394

CWE ID 754

Summary

CVE-2023-48429 is a vulnerability affecting SINEC INS systems (all versions below V1.0 SP2 Update 2). The Web UI fails to validate the length of parameters under specific conditions, leaving the door open for malicious admins to send malformed requests that can crash the server. Upon receiving such requests, the server will automatically restart.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tcDwqo
https://www.cve.org/CVERecord?id=CVE-2023-48429
https://nvd.nist.gov/vuln/detail/CVE-2023-48429

Back to Vulnerability Database

CVE-2023-48429

CVSS 3.1 Score 2.7 of 10 (low)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations