Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application

Monitor6.2SSA-511182Apr 11, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard-coded, non-unique TLS certificate private key used to secure HTTPS connections between the browser and the local maxView configuration application. A local attacker with network access to the IPC may use this key to decrypt and intercept HTTPS traffic, then perform a man-in-the-middle attack to modify storage configurations, disk policies, or other management settings without authorization.

What this means

What could happen

A local attacker with access to the industrial PC could decrypt HTTPS traffic to the maxView storage configuration application and modify settings such as disk configurations or storage policies without detection.

Who's at risk

Transportation systems operators and municipal utilities running Siemens SIMATIC IPC industrial PCs (IPC1047, IPC647D/E, IPC847D/E series) that use the maxView Storage Manager for disk and storage management. Affects plants and facilities that depend on these storage controllers for critical data and log retention.

How it could be exploited

An attacker with local network access to an affected SIMATIC IPC intercepts HTTPS traffic to the maxView application running locally. Using the publicly known hard-coded TLS certificate private key, the attacker decrypts the traffic and injects commands to modify storage or system settings, or performs a man-in-the-middle attack to redirect management commands.

Prerequisites

Local or network access to the SIMATIC IPC
Access to network traffic between browser and maxView application (local network segment)
Knowledge of the hard-coded private key (publicly available)

Affects storage management systemsLocal/adjacent network access requiredHard-coded credentials (certificate private key)No patch available for some product versionsCVSS medium severity

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (6)

3 with fix3 pending

ProductAffected VersionsFix Status

SIMATIC IPC1047All versionsNo fix yet

SIMATIC IPC647DAll versionsNo fix yet

SIMATIC IPC847DAll versionsNo fix yet

SIMATIC IPC1047EAll versions with maxView Storage Manager < 4.09.00.25611 on WindowsmaxView Storage Manager 4.09.00.25611 or later

SIMATIC IPC647EAll versions with maxView Storage Manager < 4.09.00.25611 on WindowsmaxView Storage Manager 4.09.00.25611 or later

SIMATIC IPC847EAll versions with maxView Storage Manager < 4.09.00.25611 on WindowsmaxView Storage Manager 4.09.00.25611 or later

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGIsolate SIMATIC IPC network access to authorized engineering and operations personnel only; restrict physical and network access to the device

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate maxView Storage Manager to version 4.09.00.25611 or later on Windows systems

HARDENINGMonitor and log all management access to the maxView application; use TLS inspection tools to detect suspicious modification of storage settings

CVEs (1)

CVE-2023-23588

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e2dd52a5-5a47-4f67-b5b3-0a9232bcb051