A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
History

Mon, 25 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-12-12T11:27:18.362Z

Updated: 2024-11-25T21:16:41.045Z

Reserved: 2023-11-16T16:30:40.849Z

Link: CVE-2023-48427

cve-icon Vulnrichment

Updated: 2024-08-02T21:30:35.359Z

cve-icon NVD

Status : Modified

Published: 2023-12-12T12:15:14.677

Modified: 2024-11-21T08:31:42.077

Link: CVE-2023-48427

cve-icon Redhat

No data.