CVE-2023-44317

EPSS 0.15%
Published 14.11.2023 11:15:12
Last modified 14.01.2025 11:15:13
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance Xb208 (e/ip) Firmware Version-

Siemens ≫ Scalance Xb208 (e/ip) Version-

Siemens ≫ Scalance Xb208 (pn) Firmware Version-

Siemens ≫ Scalance Xb208 (pn) Version-

Siemens ≫ Scalance Xb216 (e/ip) Firmware Version-

Siemens ≫ Scalance Xb216 (e/ip) Version-

Siemens ≫ Scalance Xb216 (pn) Firmware Version-

Siemens ≫ Scalance Xb216 (pn) Version-

Siemens ≫ Scalance Xc206-2 (sc) Firmware Version-

Siemens ≫ Scalance Xc206-2 (sc) Version-

Siemens ≫ Scalance Xc206-2 (st/bfoc) Firmware Version-

Siemens ≫ Scalance Xc206-2 (st/bfoc) Version-

Siemens ≫ Scalance Xc206-2g Poe Firmware Version-

Siemens ≫ Scalance Xc206-2g Poe Version-

Siemens ≫ Scalance Xc206-2g Poe (54 V Dc) Firmware Version-

Siemens ≫ Scalance Xc206-2g Poe (54 V Dc) Version-

Siemens ≫ Scalance Xc206-2g Poe Eec (54 V Dc) Firmware Version-

Siemens ≫ Scalance Xc206-2g Poe Eec (54 V Dc) Version-

Siemens ≫ Scalance Xc206-2sfp Firmware Version-

Siemens ≫ Scalance Xc206-2sfp Version-

Siemens ≫ Scalance Xc206-2sfp Eec Firmware Version-

Siemens ≫ Scalance Xc206-2sfp Eec Version-

Siemens ≫ Scalance Xc206-2sfp G Firmware Version-

Siemens ≫ Scalance Xc206-2sfp G Version-

Siemens ≫ Scalance Xc206-2sfp G (eip Def.) Firmware Version-

Siemens ≫ Scalance Xc206-2sfp G (eip Def.) Version-

Siemens ≫ Scalance Xc206-2sfp G Eec Firmware Version-

Siemens ≫ Scalance Xc206-2sfp G Eec Version-

Siemens ≫ Scalance Xc208 Firmware Version-

Siemens ≫ Scalance Xc208 Version-

Siemens ≫ Scalance Xc208eec Firmware Version-

Siemens ≫ Scalance Xc208eec Version-

Siemens ≫ Scalance Xc208g Firmware Version-

Siemens ≫ Scalance Xc208g Version-

Siemens ≫ Scalance Xc208g (eip Def.) Firmware Version-

Siemens ≫ Scalance Xc208g (eip Def.) Version-

Siemens ≫ Scalance Xc208g Eec Firmware Version-

Siemens ≫ Scalance Xc208g Eec Version-

Siemens ≫ Scalance Xc208g Poe Firmware Version-

Siemens ≫ Scalance Xc208g Poe Version-

Siemens ≫ Scalance Xc208g Poe (54 V Dc) Firmware Version-

Siemens ≫ Scalance Xc208g Poe (54 V Dc) Version-

Siemens ≫ Scalance Xc216 Firmware Version-

Siemens ≫ Scalance Xc216 Version-

Siemens ≫ Scalance Xc216-3g Poe Firmware Version-

Siemens ≫ Scalance Xc216-3g Poe Version-

Siemens ≫ Scalance Xc216-3g Poe (54 V Dc) Firmware Version-

Siemens ≫ Scalance Xc216-3g Poe (54 V Dc) Version-

Siemens ≫ Scalance Xc216-4c Firmware Version-

Siemens ≫ Scalance Xc216-4c Version-

Siemens ≫ Scalance Xc216-4c G Firmware Version-

Siemens ≫ Scalance Xc216-4c G Version-

Siemens ≫ Scalance Xc216-4c G (eip Def.) Firmware Version-

Siemens ≫ Scalance Xc216-4c G (eip Def.) Version-

Siemens ≫ Scalance Xc216-4c G Eec Firmware Version-

Siemens ≫ Scalance Xc216-4c G Eec Version-

Siemens ≫ Scalance Xc216eec Firmware Version-

Siemens ≫ Scalance Xc216eec Version-

Siemens ≫ Scalance Xc224 Firmware Version-

Siemens ≫ Scalance Xc224 Version-

Siemens ≫ Scalance Xc224-4c G Firmware Version-

Siemens ≫ Scalance Xc224-4c G Version-

Siemens ≫ Scalance Xc224-4c G (eip Def.) Firmware Version-

Siemens ≫ Scalance Xc224-4c G (eip Def.) Version-

Siemens ≫ Scalance Xc224-4c G Eec Firmware Version-

Siemens ≫ Scalance Xc224-4c G Eec Version-

Siemens ≫ Scalance Xf204 Firmware Version-

Siemens ≫ Scalance Xf204 Version-

Siemens ≫ Scalance Xf204 Dna Firmware Version-

Siemens ≫ Scalance Xf204 Dna Version-

Siemens ≫ Scalance Xf204-2ba Firmware Version-

Siemens ≫ Scalance Xf204-2ba Version-

Siemens ≫ Scalance Xf204-2ba Dna Firmware Version-

Siemens ≫ Scalance Xf204-2ba Dna Version-

Siemens ≫ Scalance Xp208 Firmware Version-

Siemens ≫ Scalance Xp208 Version-

Siemens ≫ Scalance Xp208 (ethernet/ip) Firmware Version-

Siemens ≫ Scalance Xp208 (ethernet/ip) Version-

Siemens ≫ Scalance Xp208eec Firmware Version-

Siemens ≫ Scalance Xp208eec Version-

Siemens ≫ Scalance Xp208poe Eec Firmware Version-

Siemens ≫ Scalance Xp208poe Eec Version-

Siemens ≫ Scalance Xp216 Firmware Version-

Siemens ≫ Scalance Xp216 Version-

Siemens ≫ Scalance Xp216 (ethernet/ip) Firmware Version-

Siemens ≫ Scalance Xp216 (ethernet/ip) Version-

Siemens ≫ Scalance Xp216eec Firmware Version-

Siemens ≫ Scalance Xp216eec Version-

Siemens ≫ Scalance Xp216poe Eec Firmware Version-

Siemens ≫ Scalance Xp216poe Eec Version-

Siemens ≫ Scalance Xr326-2c Poe Wg Firmware Version-

Siemens ≫ Scalance Xr326-2c Poe Wg Version-

Siemens ≫ Scalance Xr326-2c Poe Wg (without Ul) Firmware Version-

Siemens ≫ Scalance Xr326-2c Poe Wg (without Ul) Version-

Siemens ≫ Siplus Net Scalance Xc206-2 Firmware Version-

Siemens ≫ Siplus Net Scalance Xc206-2 Version-

Siemens ≫ Siplus Net Scalance Xc206-2sfp Firmware Version-

Siemens ≫ Siplus Net Scalance Xc206-2sfp Version-

Siemens ≫ Siplus Net Scalance Xc208 Firmware Version-

Siemens ≫ Siplus Net Scalance Xc208 Version-

Siemens ≫ Siplus Net Scalance Xc216-4c Firmware Version-

Siemens ≫ Siplus Net Scalance Xc216-4c Version-

Siemens ≫ Scalance Xb205-3 (sc, Pn) Firmware Version-

Siemens ≫ Scalance Xb205-3 (sc, Pn) Version-

Siemens ≫ Scalance Xb205-3 (st, E/ip) Firmware Version-

Siemens ≫ Scalance Xb205-3 (st, E/ip) Version-

Siemens ≫ Scalance Xb205-3 (st, Pn) Firmware Version-

Siemens ≫ Scalance Xb205-3 (st, Pn) Version-

Siemens ≫ Scalance Xb205-3ld (sc, E/ip) Firmware Version-

Siemens ≫ Scalance Xb205-3ld (sc, E/ip) Version-

Siemens ≫ Scalance Xb205-3ld (sc, Pn) Firmware Version-

Siemens ≫ Scalance Xb205-3ld (sc, Pn) Version-

Siemens ≫ Scalance Xb213-3 (sc, E/ip) Firmware Version-

Siemens ≫ Scalance Xb213-3 (sc, E/ip) Version-

Siemens ≫ Scalance Xb213-3 (sc, Pn) Firmware Version-

Siemens ≫ Scalance Xb213-3 (sc, Pn) Version-

Siemens ≫ Scalance Xb213-3 (st, E/ip) Firmware Version-

Siemens ≫ Scalance Xb213-3 (st, E/ip) Version-

Siemens ≫ Scalance Xb213-3 (st, Pn) Firmware Version-

Siemens ≫ Scalance Xb213-3 (st, Pn) Version-

Siemens ≫ Scalance Xb213-3ld (sc, E/ip) Firmware Version-

Siemens ≫ Scalance Xb213-3ld (sc, E/ip) Version-

Siemens ≫ Scalance Xb213-3ld (sc, Pn) Firmware Version-

Siemens ≫ Scalance Xb213-3ld (sc, Pn) Version-

Siemens ≫ Scalance Xr324wg (24 X Fe, Ac 230v) Firmware Version-

Siemens ≫ Scalance Xr324wg (24 X Fe, Ac 230v) Version-

Siemens ≫ Scalance Xr324wg (24 X Fe, Dc 24v) Firmware Version-

Siemens ≫ Scalance Xr324wg (24 X Fe, Dc 24v) Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe, 4xge, 24v) Firmware Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe, 4xge, 24v) Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe, 4xge,dc24v) Firmware Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe, 4xge,dc24v) Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe,4xge,ac230v) Firmware Version-

Siemens ≫ Scalance Xr328-4c Wg (24xfe,4xge,ac230v) Version-

Siemens ≫ Scalance Xr328-4c Wg (28xge, Ac 230v) Firmware Version-

Siemens ≫ Scalance Xr328-4c Wg (28xge, Ac 230v) Version-

Siemens ≫ Scalance Xr328-4c Wg (28xge, Dc 24v) Firmware Version-

Siemens ≫ Scalance Xr328-4c Wg (28xge, Dc 24v) Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.362

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	8.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

https://cert-portal.siemens.com/productcert/html/ssa-690517.html

https://cert-portal.siemens.com/productcert/html/ssa-068047.html

https://cert-portal.siemens.com/productcert/html/ssa-602936.html

https://cert-portal.siemens.com/productcert/html/ssa-699386.html

https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-44317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-44317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-44317

EUVD