2025-02-11 13:03:48 +00:00
{
"id" : "CVE-2023-37482" ,
"sourceIdentifier" : "productcert@siemens.com" ,
"published" : "2025-02-11T11:15:11.427" ,
"lastModified" : "2025-02-11T11:15:11.427" ,
2025-02-16 03:03:51 +00:00
"vulnStatus" : "Awaiting Analysis" ,
2025-02-11 13:03:48 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames."
2025-02-16 03:03:51 +00:00
} ,
{
"lang" : "es" ,
"value" : "La funcionalidad de inicio de sesi\u00f3n del servidor web en los dispositivos afectados no normaliza los tiempos de respuesta de los intentos de inicio de sesi\u00f3n. Un atacante remoto no autenticado podr\u00eda aprovechar esta informaci\u00f3n del canal secundario para distinguir entre nombres de usuario v\u00e1lidos e inv\u00e1lidos."
2025-02-11 13:03:48 +00:00
}
] ,
"metrics" : {
"cvssMetricV40" : [
{
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "4.0" ,
"vectorString" : "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" ,
"baseScore" : 6.9 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"attackRequirements" : "NONE" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
2025-03-02 03:03:52 +00:00
"vulnConfidentialityImpact" : "LOW" ,
"vulnIntegrityImpact" : "NONE" ,
"vulnAvailabilityImpact" : "NONE" ,
"subConfidentialityImpact" : "NONE" ,
"subIntegrityImpact" : "NONE" ,
"subAvailabilityImpact" : "NONE" ,
2025-02-11 13:03:48 +00:00
"exploitMaturity" : "NOT_DEFINED" ,
2025-03-02 03:03:52 +00:00
"confidentialityRequirement" : "NOT_DEFINED" ,
"integrityRequirement" : "NOT_DEFINED" ,
"availabilityRequirement" : "NOT_DEFINED" ,
2025-02-11 13:03:48 +00:00
"modifiedAttackVector" : "NOT_DEFINED" ,
"modifiedAttackComplexity" : "NOT_DEFINED" ,
"modifiedAttackRequirements" : "NOT_DEFINED" ,
"modifiedPrivilegesRequired" : "NOT_DEFINED" ,
"modifiedUserInteraction" : "NOT_DEFINED" ,
2025-03-02 03:03:52 +00:00
"modifiedVulnConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedVulnIntegrityImpact" : "NOT_DEFINED" ,
"modifiedVulnAvailabilityImpact" : "NOT_DEFINED" ,
"modifiedSubConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedSubIntegrityImpact" : "NOT_DEFINED" ,
"modifiedSubAvailabilityImpact" : "NOT_DEFINED" ,
"Safety" : "NOT_DEFINED" ,
"Automatable" : "NOT_DEFINED" ,
"Recovery" : "NOT_DEFINED" ,
2025-02-11 13:03:48 +00:00
"valueDensity" : "NOT_DEFINED" ,
"vulnerabilityResponseEffort" : "NOT_DEFINED" ,
"providerUrgency" : "NOT_DEFINED"
}
}
] ,
"cvssMetricV31" : [
{
"source" : "productcert@siemens.com" ,
2025-03-16 03:03:50 +00:00
"type" : "Secondary" ,
2025-02-11 13:03:48 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
"source" : "productcert@siemens.com" ,
2025-03-16 03:03:50 +00:00
"type" : "Secondary" ,
2025-02-11 13:03:48 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-203"
}
]
}
] ,
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/html/ssa-195895.html" ,
"source" : "productcert@siemens.com"
}
]
}
