#VU85255 Input validation error in maxView Storage Manager - CVE-2023-51438

Cybersecurity Help s.r.o.

Published: 2024-01-10

Vulnerability identifier: #VU85255

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-51438

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
maxView Storage Manager
Other software / Other software solutions

Vendor: Microchip Technology

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the default installations of maxView Storage Manager where Redfish server is configured for remote system management. A remote attacker can gain unauthorized access.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

maxView Storage Manager: before 4.14.00.26068

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper access control in Siemens SIMATIC IPCs

Improper access control in Microchip maxView Storage Manager