Vulnerabilities > CVE-2023-27408 - Creation of Temporary File With Insecure Permissions vulnerability in Siemens Scalance Lpe9403 Firmware 2.0

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
local
low complexity
siemens
CWE-378

Summary

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.

Vulnerable Configurations

Part Description Count
OS
Siemens
2
Hardware
Siemens
1