How severe is CVE-2023-39480?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2023-39480?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2023-39480 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.

Related Vulnerabilities

CVE-2020-3476

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. T...

CWE-5522020

CVE-2021-1512

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is...

CWE-5522021

CVE-2022-22490

MEDIUM

CVSS:4.4(Medium)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.

CWE-5522022

CVE-2022-45440

MEDIUM

CVSS:4.4(Medium)

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with adminis...

CWE-5522022

CVE-2024-35183

MEDIUM

CVSS:4.4(Medium)

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`....

CWE-5522024

CVE-2017-1602

MEDIUM

CVSS:4.3(Medium)

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force...

CWE-5522017