CVE-2023-51438 | SIMATIC IPC - maxView Storage Manager Operational Intel

Executive Risk Summary

"A vulnerability in SIMATIC IPC's maxView Storage Manager allows unauthorized access when Redfish server is configured for remote system management. This vulnerability affects SIMATIC IPC1047E, IPC647E, and IPC847E with maxView Storage Manager versions less than V4.14.00.26068 on Windows."

Operational Audit Arsenal

Target Type Firmware Image

Target Asset maxView Storage Manager

Standard Path %windir%\maxView Storage Manager

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: maxView Storage Manager (Firmware Image)
$Targets = 'maxView Storage Manager'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Moderate, may require downtime for patch application

Internal Work Notes

Vulnerability in SIMATIC IPC's maxView Storage Manager allows unauthorized access, patch to version V4.14.00.26068 or later to mitigate risk

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

Related Siemens Threats

CVE-2024-54678 CVSS 8.2

SIMATIC PCS neo, SIMATIC S7-PLCSIM, SIMATIC STEP 7, SIMATIC WinCC, SIMOCODE ES, SIMOTION SCOUT TIA, SINAMICS Startdrive, SIRIUS Safety ES, SIRIUS Soft Starter ES, TIA Portal Cloud, TIA Portal Test Suite

CVE-2024-22042 CVSS 7.8

Unicam FX

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.