Full Report
maxView Storage Manager, as shipped with the affected SIMATIC IPCs, contains a Redfish server vulnerability that could provide unauthorized access. Microchip has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Redfish Server Improper Input Validation in maxView Storage Manager
## CVE Details
- **CVE ID:** CVE-2023-51438
- **CVSS Score:** 10.0 (Critical)
- **Vector String:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- **CWE:** CWE-20 (Improper Input Validation)
## Affected Systems
- **Products:**
  - SIMATIC IPC647E
  - SIMATIC IPC847E
  - SIMATIC IPC1047E
- **Versions:** All versions where maxView Storage Manager is earlier than V4.14.00.26068.
- **Configurations:** Systems running maxView Storage Manager on **Windows** with the **Redfish® server** configured for remote system management.
## Vulnerability Description
A critical flaw exists in the Redfish server component of Microchip maxView Storage Manager when used for remote management of SIMATIC IPCs. Due to improper input validation (CWE-20), the application fails to correctly verify incoming data. This can be leveraged by an unauthenticated attacker to bypass security controls and gain unauthorized access to the storage management interface. Because the Redfish service manages hardware-level storage configurations, this flaw could allow for complete system compromise.
## Exploitation
- **Status:** PoC available (indicated by CVSS "E:P" / Proof-of-Concept code exists).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Total loss of confidentiality)
- **Integrity:** High (Total loss of system integrity)
- **Availability:** High (Total loss of availability)
## Remediation
### Patches
Siemens and Microchip recommend updating maxView Storage Manager to **V4.14.00.26068 or later**.
- Microchip Download: hxxps[://]storage[.]microsemi[.]com/en-us/support/raid/sas_raid/asr-3151-4i/
### Workarounds
No specific software workaround is provided other than the patch. Siemens recommends the following general mitigations:
- Protect network access to devices with appropriate physical and logical security mechanisms.
- Operate devices strictly within protected IT environments.
- Adhere to Siemens’ operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Monitor for unusual administrative traffic on the Redfish server port (typically used for RESTful management APIs).
- **Detection methods and tools:** Audit version numbers of `maxView Storage Manager` on Windows-based SIMATIC IPCs. Vulnerability scanners should check for the presence of the Redfish service on affected hardware.
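
One way to run the version audit described above over an asset-inventory export, as an added example that is not part of the advisory or any vendor tooling. The CSV column names, host names and sample version strings are constructed assumptions; only the fixed version, the affected models and the Windows scope come from this page.

```python
import csv
import io
import re

# From the advisory: first fixed release, affected models, Windows-only scope.
FIXED = (4, 14, 0, 26068)  # V4.14.00.26068
AFFECTED_MODELS = {"IPC647E", "IPC847E", "IPC1047E"}

# Constructed inventory export; column names, hosts and versions are assumptions.
SAMPLE = """host,model,os,maxview_version
ipc-line1,SIMATIC IPC647E,Windows,4.9.00.12345
ipc-line2,SIMATIC IPC847E,Windows,V4.14.00.26068
ipc-line3,SIMATIC IPC1047E,Windows,
ipc-line4,SIMATIC IPC847E,Windows,4.14-beta
ipc-line5,SIMATIC IPC427E,Windows,4.9.00.12345
ipc-line6,SIMATIC IPC647E,Linux,4.9.00.12345
"""

def parse_version(text):
    """'V4.14.00.26068' -> (4, 14, 0, 26068); None if not four numeric fields."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(row):
    """Return a status for one row, or None when the model is not affected."""
    model = row["model"].upper().replace("SIMATIC", "").strip()
    if model not in AFFECTED_MODELS:
        return None
    if row["os"].strip().lower() != "windows":
        return "NOT_WINDOWS"
    raw = (row["maxview_version"] or "").strip()
    if not raw:
        return "NOT_INSTALLED"
    version = parse_version(raw)
    if version is None:
        return "UNKNOWN_VERSION"  # needs a manual check, never assume patched
    # Numeric tuple compare: as strings, "4.9" would sort after "4.14".
    return "VULNERABLE" if version < FIXED else "PATCHED"

def audit(csv_text):
    """Classify every affected-model row of an inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], s) for r in rows if (s := classify(r)) is not None]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:10} {status}")
```

Hosts reported as `UNKNOWN_VERSION` should be checked by hand, since an unparseable version string says nothing about whether the fix is installed.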
## References
- **Siemens Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-702935[.]html
- **Microchip Vendor Statement:** hxxps[://]www[.]microchip[.]com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability
- **Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security