As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Location Intelligence Perpetual Large, Location Intelligence Perpetual Medium, Location Intelligence Perpetual Non-Prod, Location Intelligence Perpetual Small, Location Intelligence SUS Large, Location Intelligence SUS Medium, Location Intelligence SUS Non-Prod, Location Intelligence SUS Small
- Vulnerability: Use of Hard-coded Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain full administrative access to the application.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
- Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0): All versions prior to V4.3
- Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0): All versions prior to V4.3
- Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0): All versions prior to V4.3
- Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0): All versions prior to V4.3
- Location Intelligence SUS Large (9DE5110-8CA13-1BX0): All versions prior to V4.3
- Location Intelligence SUS Medium (9DE5110-8CA12-1BX0): All versions prior to V4.3
- Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0): All versions prior to V4.3
- Location Intelligence SUS Small (9DE5110-8CA11-1BX0): All versions prior to V4.3
3.2 Vulnerability Overview
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798[…]
This article has been indexed from All CISA Advisories