

Rewterz Threat Advisory – Multiple Microsoft Edge (Chromium-based) Vulnerabilities
September 18, 2023
Rewterz Threat Advisory – CVE-2023-32461 – Dell PowerEdge BIOS and Dell Precision BIOS Vulnerability
September 18, 2023
Severity
Medium
Analysis Summary
CVE-2023-38557 CVSS:8.2
Siemens Spectrum Power 7 could allow a local authenticated attacker to execute arbitrary code on the system, caused by incorrect permission assignment for critical resources. An attacker could exploit this vulnerability to execute arbitrary commands with administrative privileges on the system.
CVE-2023-38558 CVSS:5.5
Siemens SIMATIC PCS neo (Administration Console) could allow a local authenticated attacker to obtain sensitive information, caused by insertion of sensitive information into externally-accessible files and directories. An attacker could exploit this vulnerability to obtain administrative credentials and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-38557
- CVE-2023-38558
Affected Vendors
Siemens
Affected Products
- Siemens Spectrum Power 7 V23Q2
- Siemens Spectrum Power 7 V23Q1
- Siemens SIMATIC PCS neo (Administration Console) 4.0
- Siemens SIMATIC PCS neo (Administration Console) 4.0 Update 1
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.