cnvd - cnvd-2023-86597

cnvd-2023-86597

Vulnerability from cnvd

Title: 多款Siemens产品使用可信数据接受无关的不受信任数据漏洞

Description:

SCALANCE M-800、MUM-800和S615以及RUGGEDCOM RM1224是工业路由器。SCALANCE W产品是用于连接工业组件的无线通信设备，如可编程逻辑控制器（PLC）或人机界面（HMI），符合IEEE 802.11标准（802.11ac、802.11a/b/g/h 和/或 802.11n）。SCALANCE W-1700产品是基于IEEE 802.11ac标准的无线通信设备。它们用于连接各种WLAN设备（接入点或客户端，取决于操作模式），重点关注工业组件，如可编程逻辑控制器（PLC）或人机界面（HMI）等。SCALANCE X交换机用于连接可编程逻辑控制器（PLC）或人机界面（HMI）等工业组件。

多款Siemens产品存在使用可信数据接受无关的不受信任数据漏洞，攻击者可利用该漏洞在设备上执行任意代码。

Severity: 高

Patch Name: 多款Siemens产品使用可信数据接受无关的不受信任数据漏洞的补丁

Patch Description:

多款Siemens产品存在使用可信数据接受无关的不受信任数据漏洞，攻击者可利用该漏洞在设备上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/html/ssa-699386.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-699386.html

Impacted products

Name
['Siemens SCALANCE XC216EEC <4.5', 'Siemens SCALANCE XC224 <4.5', 'Siemens SCALANCE XC224-4C G <4.5', 'Siemens SCALANCE XC224-4C G EEC <4.5', 'Siemens SCALANCE XF204 <4.5', 'Siemens SCALANCE XF204 DNA <4.5', 'Siemens SCALANCE XF204-2BA <4.5', 'Siemens SCALANCE XF204-2BA DNA <4.5', 'Siemens SCALANCE XP208 <4.5', 'Siemens SCALANCE XP208EEC <4.5', 'Siemens SCALANCE XP208PoE EEC <4.5', 'Siemens SCALANCE XP216 <4.5', 'Siemens SCALANCE XP216EEC <4.5', 'Siemens SCALANCE XP216POE EEC <4.5', 'Siemens SCALANCE XR324WG <4.5', 'Siemens SCALANCE XR326-2C PoE WG <4.5', 'Siemens SCALANCE XR328-4C WG <4.5', 'Siemens SIPLUS NET SCALANCE XC206-2 <4.5', 'Siemens SIPLUS NET SCALANCE XC206-2SFP <4.5', 'Siemens SIPLUS NET SCALANCE XC208 <4.5', 'Siemens SIPLUS NET SCALANCE XC216-4C <4.5', 'Siemens SCALANCE XC206-2G PoE <4.5', 'Siemens SCALANCE XC206-2G PoE EEC <4.5', 'Siemens SCALANCE XC206-2SFP <4.5', 'Siemens SCALANCE XC206-2SFP EEC <4.5', 'Siemens SCALANCE XC206-2SFP G <4.5', 'Siemens SCALANCE XC208EEC <4.5', 'Siemens SCALANCE XC208G <4.5', 'Siemens SCALANCE XC208G EEC <4.5', 'Siemens SCALANCE XC208G PoE <4.5', 'Siemens SCALANCE XC216 <4.5', 'Siemens SCALANCE XC216-3G PoE <4.5', 'Siemens SCALANCE XC216-4C <4.5', 'Siemens SCALANCE XC216-4C G <4.5', 'Siemens SCALANCE XC216-4C G EEC <4.5', 'Siemens SCALANCE XB205-3 <4.5', 'Siemens SCALANCE XB205-3LD <4.5', 'Siemens SCALANCE XB208 <4.5', 'Siemens SCALANCE XB213-3 <4.5', 'Siemens SCALANCE XB213-3LD <4.5', 'Siemens SCALANCE XB216 <4.5', 'Siemens SCALANCE XC206-2 <4.5']

Name

['Siemens SCALANCE XC216EEC <4.5', 'Siemens SCALANCE XC224 <4.5', 'Siemens SCALANCE XC224-4C G <4.5', 'Siemens SCALANCE XC224-4C G EEC <4.5', 'Siemens SCALANCE XF204 <4.5', 'Siemens SCALANCE XF204 DNA <4.5', 'Siemens SCALANCE XF204-2BA <4.5', 'Siemens SCALANCE XF204-2BA DNA <4.5', 'Siemens SCALANCE XP208 <4.5', 'Siemens SCALANCE XP208EEC <4.5', 'Siemens SCALANCE XP208PoE EEC <4.5', 'Siemens SCALANCE XP216 <4.5', 'Siemens SCALANCE XP216EEC <4.5', 'Siemens SCALANCE XP216POE EEC <4.5', 'Siemens SCALANCE XR324WG <4.5', 'Siemens SCALANCE XR326-2C PoE WG <4.5', 'Siemens SCALANCE XR328-4C WG <4.5', 'Siemens SIPLUS NET SCALANCE XC206-2 <4.5', 'Siemens SIPLUS NET SCALANCE XC206-2SFP <4.5', 'Siemens SIPLUS NET SCALANCE XC208 <4.5', 'Siemens SIPLUS NET SCALANCE XC216-4C <4.5', 'Siemens SCALANCE XC206-2G PoE <4.5', 'Siemens SCALANCE XC206-2G PoE EEC <4.5', 'Siemens SCALANCE XC206-2SFP <4.5', 'Siemens SCALANCE XC206-2SFP EEC <4.5', 'Siemens SCALANCE XC206-2SFP G <4.5', 'Siemens SCALANCE XC208EEC <4.5', 'Siemens SCALANCE XC208G <4.5', 'Siemens SCALANCE XC208G EEC <4.5', 'Siemens SCALANCE XC208G PoE <4.5', 'Siemens SCALANCE XC216 <4.5', 'Siemens SCALANCE XC216-3G PoE <4.5', 'Siemens SCALANCE XC216-4C <4.5', 'Siemens SCALANCE XC216-4C G <4.5', 'Siemens SCALANCE XC216-4C G EEC <4.5', 'Siemens SCALANCE XB205-3 <4.5', 'Siemens SCALANCE XB205-3LD <4.5', 'Siemens SCALANCE XB208 <4.5', 'Siemens SCALANCE XB213-3 <4.5', 'Siemens SCALANCE XB213-3LD <4.5', 'Siemens SCALANCE XB216 <4.5', 'Siemens SCALANCE XC206-2 <4.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-44317"
    }
  },
  "description": "SCALANCE M-800\u3001MUM-800\u548cS615\u4ee5\u53caRUGGEDCOM RM1224\u662f\u5de5\u4e1a\u8def\u7531\u5668\u3002SCALANCE W\u4ea7\u54c1\u662f\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u7ec4\u4ef6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\uff0c\u7b26\u5408IEEE 802.11\u6807\u51c6\uff08802.11ac\u3001802.11a/b/g/h \u548c/\u6216 802.11n\uff09\u3002SCALANCE W-1700\u4ea7\u54c1\u662f\u57fa\u4e8eIEEE 802.11ac\u6807\u51c6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\u3002\u5b83\u4eec\u7528\u4e8e\u8fde\u63a5\u5404\u79cdWLAN\u8bbe\u5907\uff08\u63a5\u5165\u70b9\u6216\u5ba2\u6237\u7aef\uff0c\u53d6\u51b3\u4e8e\u64cd\u4f5c\u6a21\u5f0f\uff09\uff0c\u91cd\u70b9\u5173\u6ce8\u5de5\u4e1a\u7ec4\u4ef6\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u3002SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-699386.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-86597",
  "openTime": "2023-11-15",
  "patchDescription": "SCALANCE M-800\u3001MUM-800\u548cS615\u4ee5\u53caRUGGEDCOM RM1224\u662f\u5de5\u4e1a\u8def\u7531\u5668\u3002SCALANCE W\u4ea7\u54c1\u662f\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u7ec4\u4ef6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\uff0c\u7b26\u5408IEEE 802.11\u6807\u51c6\uff08802.11ac\u3001802.11a/b/g/h \u548c/\u6216 802.11n\uff09\u3002SCALANCE W-1700\u4ea7\u54c1\u662f\u57fa\u4e8eIEEE 802.11ac\u6807\u51c6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\u3002\u5b83\u4eec\u7528\u4e8e\u8fde\u63a5\u5404\u79cdWLAN\u8bbe\u5907\uff08\u63a5\u5165\u70b9\u6216\u5ba2\u6237\u7aef\uff0c\u53d6\u51b3\u4e8e\u64cd\u4f5c\u6a21\u5f0f\uff09\uff0c\u91cd\u70b9\u5173\u6ce8\u5de5\u4e1a\u7ec4\u4ef6\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u3002SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SCALANCE XC216EEC \u003c4.5",
      "Siemens SCALANCE XC224 \u003c4.5",
      "Siemens SCALANCE XC224-4C G \u003c4.5",
      "Siemens SCALANCE XC224-4C G EEC \u003c4.5",
      "Siemens SCALANCE XF204 \u003c4.5",
      "Siemens SCALANCE XF204 DNA \u003c4.5",
      "Siemens SCALANCE XF204-2BA \u003c4.5",
      "Siemens SCALANCE XF204-2BA DNA \u003c4.5",
      "Siemens SCALANCE XP208 \u003c4.5",
      "Siemens SCALANCE XP208EEC \u003c4.5",
      "Siemens SCALANCE XP208PoE EEC \u003c4.5",
      "Siemens SCALANCE XP216 \u003c4.5",
      "Siemens SCALANCE XP216EEC \u003c4.5",
      "Siemens SCALANCE XP216POE EEC \u003c4.5",
      "Siemens SCALANCE XR324WG \u003c4.5",
      "Siemens SCALANCE XR326-2C PoE WG \u003c4.5",
      "Siemens SCALANCE XR328-4C WG \u003c4.5",
      "Siemens SIPLUS NET SCALANCE XC206-2 \u003c4.5",
      "Siemens SIPLUS NET SCALANCE XC206-2SFP \u003c4.5",
      "Siemens SIPLUS NET SCALANCE XC208 \u003c4.5",
      "Siemens SIPLUS NET SCALANCE XC216-4C \u003c4.5",
      "Siemens SCALANCE XC206-2G PoE \u003c4.5",
      "Siemens SCALANCE XC206-2G PoE EEC \u003c4.5",
      "Siemens SCALANCE XC206-2SFP \u003c4.5",
      "Siemens SCALANCE XC206-2SFP EEC \u003c4.5",
      "Siemens SCALANCE XC206-2SFP G \u003c4.5",
      "Siemens SCALANCE XC208EEC \u003c4.5",
      "Siemens SCALANCE XC208G \u003c4.5",
      "Siemens SCALANCE XC208G EEC \u003c4.5",
      "Siemens SCALANCE XC208G PoE \u003c4.5",
      "Siemens SCALANCE XC216 \u003c4.5",
      "Siemens SCALANCE XC216-3G PoE \u003c4.5",
      "Siemens SCALANCE XC216-4C \u003c4.5",
      "Siemens SCALANCE XC216-4C G \u003c4.5",
      "Siemens SCALANCE XC216-4C G EEC \u003c4.5",
      "Siemens SCALANCE XB205-3 \u003c4.5",
      "Siemens SCALANCE XB205-3LD \u003c4.5",
      "Siemens SCALANCE XB208 \u003c4.5",
      "Siemens SCALANCE XB213-3 \u003c4.5",
      "Siemens SCALANCE XB213-3LD \u003c4.5",
      "Siemens SCALANCE XB216 \u003c4.5",
      "Siemens SCALANCE XC206-2 \u003c4.5"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-11-15",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e"
}

CVE-2023-44317 (GCVE-0-2023-44317)

Vulnerability from cvelistv5

Published

2023-11-14 11:03

Modified

2025-01-14 10:28

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Summary

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
	https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
	https://cert-portal.siemens.com/productcert/html/ssa-699386.html
	https://cert-portal.siemens.com/productcert/html/ssa-068047.html
	https://cert-portal.siemens.com/productcert/html/ssa-602936.html
	https://cert-portal.siemens.com/productcert/html/ssa-690517.html

Impacted products

Vendor

Product

Version

▼

Siemens

RUGGEDCOM RM1224 LTE(4G) EU

Version: 0 < V7.2.2

Siemens	RUGGEDCOM RM1224 LTE(4G) NAM	Version: 0 < V7.2.2
Siemens	SCALANCE M804PB	Version: 0 < V7.2.2
Siemens	SCALANCE M812-1 ADSL-Router	Version: 0 < V7.2.2
Siemens	SCALANCE M812-1 ADSL-Router	Version: 0 < V7.2.2
Siemens	SCALANCE M816-1 ADSL-Router	Version: 0 < V7.2.2
Siemens	SCALANCE M816-1 ADSL-Router	Version: 0 < V7.2.2
Siemens	SCALANCE M826-2 SHDSL-Router	Version: 0 < V7.2.2
Siemens	SCALANCE M874-2	Version: 0 < V7.2.2
Siemens	SCALANCE M874-3	Version: 0 < V7.2.2
Siemens	SCALANCE M876-3	Version: 0 < V7.2.2
Siemens	SCALANCE M876-3 (ROK)	Version: 0 < V7.2.2
Siemens	SCALANCE M876-4	Version: 0 < V7.2.2
Siemens	SCALANCE M876-4 (EU)	Version: 0 < V7.2.2
Siemens	SCALANCE M876-4 (NAM)	Version: 0 < V7.2.2
Siemens	SCALANCE MUM853-1 (EU)	Version: 0 < V7.2.2
Siemens	SCALANCE MUM856-1 (EU)	Version: 0 < V7.2.2
Siemens	SCALANCE MUM856-1 (RoW)	Version: 0 < V7.2.2
Siemens	SCALANCE S615 EEC LAN-Router	Version: 0 < V7.2.2
Siemens	SCALANCE S615 LAN-Router	Version: 0 < V7.2.2
Siemens	SCALANCE WAB762-1	Version: 0 < V3.0.0
Siemens	SCALANCE WAM763-1	Version: 0 < V3.0.0
Siemens	SCALANCE WAM763-1 (ME)	Version: 0 < V3.0.0
Siemens	SCALANCE WAM763-1 (US)	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1 (ME)	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1 (US)	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1 EEC	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1 EEC (ME)	Version: 0 < V3.0.0
Siemens	SCALANCE WAM766-1 EEC (US)	Version: 0 < V3.0.0
Siemens	SCALANCE WUB762-1	Version: 0 < V3.0.0
Siemens	SCALANCE WUB762-1 iFeatures	Version: 0 < V3.0.0
Siemens	SCALANCE WUM763-1	Version: 0 < V3.0.0
Siemens	SCALANCE WUM763-1	Version: 0 < V3.0.0
Siemens	SCALANCE WUM763-1 (US)	Version: 0 < V3.0.0
Siemens	SCALANCE WUM763-1 (US)	Version: 0 < V3.0.0
Siemens	SCALANCE WUM766-1	Version: 0 < V3.0.0
Siemens	SCALANCE WUM766-1 (ME)	Version: 0 < V3.0.0
Siemens	SCALANCE WUM766-1 (USA)	Version: 0 < V3.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:52.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44317",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:39.591638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T16:17:22.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAB762-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUB762-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUB762-1 iFeatures",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1 (ME)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions \u003c V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions \u003c V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions \u003c V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions \u003c V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions \u003c V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions \u003c V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions \u003c V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions \u003c V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions \u003c V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions \u003c V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions \u003c V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions \u003c V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions \u003c V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions \u003c V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions \u003c V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions \u003c V3.0.0). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T10:28:24.686Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-44317",
    "datePublished": "2023-11-14T11:03:48.999Z",
    "dateReserved": "2023-09-28T16:18:45.647Z",
    "dateUpdated": "2025-01-14T10:28:24.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted