How severe is CVE-2023-23588?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2023-23588?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-23588 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

Related Vulnerabilities

CVE-2015-6918

MEDIUM

CVSS:6.3(Medium)

salt before 2015.5.5 leaks git usernames and passwords to the log.

CWE-2002015

CVE-2016-0899

MEDIUM

CVSS:6.3(Medium)

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Cont...

CWE-2002016

CVE-2017-6786

MEDIUM

CVSS:6.3(Medium)

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affect...

CWE-2002017

CVE-2018-18073

MEDIUM

CVSS:6.3(Medium)

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CWE-2002018

CVE-2019-4140

MEDIUM

CVSS:6.3(Medium)

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

CWE-2002019

CVE-2020-10195

MEDIUM

CVSS:6.3(Medium)

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php...

CWE-2002020