CVE-2023-49692

EPSS 0.14%
Published 12.12.2023 12:15:16
Last modified 21.11.2024 08:33:42
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ 6gk6108-4am00-2ba2 Firmware Version < 7.2.2

Siemens ≫ 6gk6108-4am00-2ba2 Version-

Siemens ≫ 6gk6108-4am00-2da2 Firmware Version < 7.2.2

Siemens ≫ 6gk6108-4am00-2da2 Version-

Siemens ≫ 6gk5804-0ap00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5804-0ap00-2aa2 Version-

Siemens ≫ 6gk5812-1aa00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5812-1aa00-2aa2 Version-

Siemens ≫ 6gk5812-1ba00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5812-1ba00-2aa2 Version-

Siemens ≫ 6gk5816-1aa00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5816-1aa00-2aa2 Version-

Siemens ≫ 6gk5816-1ba00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5816-1ba00-2aa2 Version-

Siemens ≫ 6gk5826-2ab00-2ab2 Firmware Version < 7.2.2

Siemens ≫ 6gk5826-2ab00-2ab2 Version-

Siemens ≫ 6gk5874-2aa00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5874-2aa00-2aa2 Version-

Siemens ≫ 6gk5874-3aa00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5874-3aa00-2aa2 Version-

Siemens ≫ 6gk5876-3aa02-2ba2 Firmware Version < 7.2.2

Siemens ≫ 6gk5876-3aa02-2ba2 Version-

Siemens ≫ 6gk5876-3aa02-2ea2 Firmware Version < 7.2.2

Siemens ≫ 6gk5876-3aa02-2ea2 Version-

Siemens ≫ 6gk5876-4aa10-2ba2 Firmware Version < 7.2.2

Siemens ≫ 6gk5876-4aa10-2ba2 Version-

Siemens ≫ 6gk5876-4aa00-2ba2 Firmware Version < 7.2.2

Siemens ≫ 6gk5876-4aa00-2ba2 Version-

Siemens ≫ 6gk5876-4aa00-2da2 Firmware Version < 7.2.2

Siemens ≫ 6gk5876-4aa00-2da2 Version-

Siemens ≫ 6gk5853-2ea00-2da1 Firmware Version < 7.2.2

Siemens ≫ 6gk5853-2ea00-2da1 Version-

Siemens ≫ 6gk5856-2ea00-3da1 Firmware Version < 7.2.2

Siemens ≫ 6gk5856-2ea00-3da1 Version-

Siemens ≫ 6gk5856-2ea00-3aa1 Firmware Version < 7.2.2

Siemens ≫ 6gk5856-2ea00-3aa1 Version-

Siemens ≫ 6gk5615-0aa00-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5615-0aa00-2aa2 Version-

Siemens ≫ 6gk5615-0aa01-2aa2 Firmware Version < 7.2.2

Siemens ≫ 6gk5615-0aa01-2aa2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.348

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://cert-portal.siemens.com/productcert/html/ssa-068047.html

https://cert-portal.siemens.com/productcert/html/ssa-602936.html

https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49692

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49692

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49692

EUVD