Sign-up

ID

VAR-202403-0703


CVE

CVE-2023-45793


DESCRIPTION

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.

Trust: 1.0

sources: NVD: CVE-2023-45793

AFFECTED PRODUCTS

vendor:siemensmodel:siveillance controlscope:ltversion:3.1.1

Trust: 1.0

vendor:siemensmodel:siveillance controlscope:gteversion:2.8

Trust: 1.0

sources: NVD: CVE-2023-45793

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-45793
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2023-45793
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-45793

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

sources: NVD: CVE-2023-45793

EXTERNAL IDS

db:SIEMENSid:SSA-145196

Trust: 1.0

db:NVDid:CVE-2023-45793

Trust: 1.0

sources: NVD: CVE-2023-45793

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-145196.html

Trust: 1.0

sources: NVD: CVE-2023-45793

SOURCES

db:NVDid:CVE-2023-45793

LAST UPDATE DATE

2025-10-11T23:40:34.899000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-45793date:2025-10-10T15:18:17.360

SOURCES RELEASE DATE

db:NVDid:CVE-2023-45793date:2024-03-12T11:15:47.503