CVE-2023-51438 CRITICAL

CVE-2023-51438

Vendor Siemens

Product SIMATIC IPC1047E

Weakness CWE-20 · Input validation

Published January 9, 2024

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

Key dates

02Disclosure timeline

January 9, 2024 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-51438

Related vulnerabilities

Identifiers

CVE CVE-2023-51438

CWE CWE-20

CVSS 10.0 / CRITICAL

Affected versions

Vendor Siemens

Product SIMATIC IPC1047E

Affected All versions with maxView Storage Manager < V4.14.00.26068 on Windows

Vendor Siemens

Product SIMATIC IPC647E

Affected All versions with maxView Storage Manager < V4.14.00.26068 on Windows

Vendor Siemens

Product SIMATIC IPC847E

Affected All versions with maxView Storage Manager < V4.14.00.26068 on Windows

CVE-2023-51438

01Description

02Disclosure timeline

03References

04Related CVE