CVE-2023-27410

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service.

Published: May 9, 2023
Updated: May 10, 2023
CVE: CVE-2023-27410
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-122

Affected Software
References

Software	From	Fixed in
siemens / scalance_lpe9403_firmware	-	2.1

https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf

Vulnerability Database

289,599

CVE-2023-27410