Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
创建拥有不安全权限的临时文件
Vulnerability Title
Siemens SCALANCE 安全漏洞
Vulnerability Description
Siemens SCALANCE是德国西门子(Siemens)公司的一系列以太网交换机。可连接到工业控制系统 (ICS) 设备,包括可编程逻辑控制器 (PLC) 和人机界面 (HMI) 系统。 Siemens SCALANCE 存在安全漏洞,该漏洞源于`i2c` 互斥文件是使用 `-rw-rw-rw-` 的权限位创建的。此文件用作与 i2c 交互的多个应用程序的互斥量。这可能允许经过身份验证的攻击者访问受影响设备上的 SSH 接口,从而干扰互斥锁及其保护的数据的完整性。
CVSS Information
N/A
Vulnerability Type
N/A