Assigner | siemens |
Reserved | 2023-09-28 |
Published | 2023-11-14 |
Updated | 2024-06-11 |
Description
Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
Problem types
CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
Product status
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before V8.0
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before *
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
Any version before V4.5
References
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
https://cert-portal.siemens.com/productcert/html/ssa-699386.html
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
https://cert-portal.siemens.com/productcert/html/ssa-690517.html