CVE-2023-37482 MEDIUM

CVE-2023-37482

Vendor Siemens
Product SIMATIC Drive Controller CPU 1504D TF
Weakness CWE-203
Published February 11, 2025
Last update April 8, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
April 8, 2025 Record updated