Siemens Adaptec Maxview Application
MonitorCVSS 6.2ICS-CERT ICSA-23-103-01Apr 11, 2023
SiemensTransportation
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard-coded, non-unique certificate used to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker with access to the device could use this certificate to decrypt intercepted local traffic and perform a man-in-the-middle attack to modify configuration data in transit. Adaptec has released updates for some products, but no fix is available for the SIMATIC IPC1047, IPC647D, and IPC847D models.
What this means
What could happen
An attacker with physical or local access to the device could intercept and modify configuration data sent between the browser and the Maxview application, potentially altering storage system settings or configurations on your SIMATIC industrial PC.
Who's at risk
Transportation and utility operators using Siemens SIMATIC IPC industrial computers (IPC1047, IPC647D, IPC647E, IPC847D, IPC847E models) should assess exposure. These devices manage storage and data configuration; IPC models with Maxview Storage Manager are most directly affected. The vulnerability requires local access, limiting exposure for devices physically secured in control rooms.
How it could be exploited
An attacker must first gain local access to the SIMATIC IPC (physical access or local network access). Once on the device, the attacker can use the hard-coded certificate to decrypt HTTPS traffic between the browser and Maxview application, insert themselves as a man-in-the-middle, and modify configuration parameters in transit.
Prerequisites
- Local access to the SIMATIC IPC (physical or local network access)
- Ability to intercept local network traffic or access the local system
- No authentication required to exploit the hard-coded certificate
Local access required (not remotely exploitable)Hard-coded certificate enables decryption without authenticationNo patch available for IPC1047, IPC647D, IPC847D modelsDefault configuration vulnerable (no user action required for initial compromise)Configuration modification impacts industrial process data integrity
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (6)
2 with fix4 EOL
ProductAffected VersionsFix Status
SIMATIC IPC1047All versionsNo fix (EOL)
SIMATIC IPC1047E<with maxView Storage Manager 4.09.00.25611 on WindowsNo fix (EOL)
SIMATIC IPC647DAll versionsNo fix (EOL)
SIMATIC IPC647E<with maxView Storage Manager 4.09.00.25611 on WindowsmaxView Storage Manager 4.09.00.25611+
SIMATIC IPC847DAll versionsNo fix (EOL)
SIMATIC IPC847E<with maxView Storage Manager 4.09.00.25611 on WindowsmaxView Storage Manager 4.09.00.25611+
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDReplace the default self-signed device X.509 certificate with a trusted certificate on devices where updates are not available
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
SIMATIC IPC1047
HOTFIXUpdate maxView Storage Manager to version 4.09.00.25611 or later on SIMATIC IPC1047E, IPC647E, and IPC847E models
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: SIMATIC IPC1047, SIMATIC IPC1047E, SIMATIC IPC647D, SIMATIC IPC847D. Apply the following compensating controls:
HARDENINGRestrict network access to SIMATIC IPC devices using firewalls and network segmentation; ensure devices are not accessible from the Internet
HARDENINGImplement network isolation between control system devices and business networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9b877037-16a0-4b34-b94b-5bd342b55ba6Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.