var-202311-0435
Vulnerability from variot
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file. 6gk5205-3bb00-2ab2 firmware, 6gk5205-3bb00-2tb2 firmware, 6gk5205-3bd00-2tb2 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of hard-coded encryption keys.Information may be obtained. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. SCALANCE W products are wireless communication devices for connecting industrial components, such as programmable logic controllers (PLCs) or human machine interfaces (HMIs), in compliance with the IEEE 802.11 standards (802.11ac, 802.11a/b/g/h and/or 802.11n). The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), focusing on industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI), etc. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202311-0435", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "6gk5205-3bf00-2tb2", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ba00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2rs00-5fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ha00-2ts6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5324-0ba00-2ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-3rs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6ag1206-2bb00-7ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2bd00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5326-2qs00-3rr3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bb00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ba00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5224-0ba00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6ag1206-2bs00-7ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2bs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2bs00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ha00-2es6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4ss00-2ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5224-4gs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5324-0ba00-3ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5204-0ba00-2gf2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5204-2aa00-2gf2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4fs00-3ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ga00-2tc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ha00-2as6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ha00-2es6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6ag1208-0ba00-7ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-4gs00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5205-3bb00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bf00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5326-2qs00-3ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ba00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bf00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2gs00-2tc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bd00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-4bs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5224-4gs00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ba00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2rs00-5ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ra00-5ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ba00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2rs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ba00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ga00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ha00-2ts6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ba00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ha00-2as6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4fs00-3rr3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5205-3bd00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5205-3bd00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5205-3bf00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-4gs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4fs00-2rr3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6ag1216-4bs00-7ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2bb00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ba00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5204-2aa00-2yf2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4fs00-2ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ga00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5328-4ss00-3ar3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ua00-5es6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bd00-2tb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5205-3bb00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5213-3bb00-2ab2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5208-0ra00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2gs00-2ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-3rs00-5ac2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5224-4gs00-2tc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-4gs00-2tc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2gs00-2fc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5216-0ua00-5es6", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5204-0ba00-2yf2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "6gk5206-2bd00-2ac2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bf00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bf00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5208-0ba00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5216-0ba00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bd00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bf00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bb00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5206-2rs00-5ac2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5216-0ba00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bb00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bd00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bd00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5213-3bb00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bf00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bb00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5206-2rs00-2ac2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5205-3bd00-2ab2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5206-2bb00-2ac2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5208-0ba00-2tb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc216eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc224", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc224-4c g", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc224-4c g eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xf204", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xf204 dna", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xf204-2ba", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xf204-2ba dna", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp208", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp208eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp208poe eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp216", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp216eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xp216poe eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xr324wg", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xr326-2c poe wg", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xr328-4c wg", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "siplus net scalance xc206-2", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "siplus net scalance xc206-2sfp", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "siplus net scalance xc208", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "siplus net scalance xc216-4c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2g poe", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2g poe eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2sfp", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2sfp eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2sfp g", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc208eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc208g", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc208g eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc208g poe", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc216", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc216-3g poe", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc216-4c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc216-4c g", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc216-4c g eec", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb205-3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb205-3ld", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb208", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb213-3", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb213-3ld", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xb216", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" }, { "model": "scalance xc206-2", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.5" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "cve": "CVE-2023-44318", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CNVD-2023-86596", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2023-44318", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-44318", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-44318", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-44318", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2023-44318", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2023-86596", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file. 6gk5205-3bb00-2ab2 firmware, 6gk5205-3bb00-2tb2 firmware, 6gk5205-3bd00-2tb2 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of hard-coded encryption keys.Information may be obtained. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. SCALANCE W products are wireless communication devices for connecting industrial components, such as programmable logic controllers (PLCs) or human machine interfaces (HMIs), in compliance with the IEEE 802.11 standards (802.11ac, 802.11a/b/g/h and/or 802.11n). The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), focusing on industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI), etc. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, PN) (All versions \u003c V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3LD (SC, PN) (All versions \u003c V4.5), SCALANCE XB208 (E/IP) (All versions \u003c V4.5), SCALANCE XB208 (PN) (All versions \u003c V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3 (SC, PN) (All versions \u003c V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3 (ST, PN) (All versions \u003c V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3LD (SC, PN) (All versions \u003c V4.5), SCALANCE XB216 (E/IP) (All versions \u003c V4.5), SCALANCE XB216 (PN) (All versions \u003c V4.5), SCALANCE XC206-2 (SC) (All versions \u003c V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions \u003c V4.5), SCALANCE XC206-2G PoE (All versions \u003c V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions \u003c V4.5), SCALANCE XC206-2SFP (All versions \u003c V4.5), SCALANCE XC206-2SFP EEC (All versions \u003c V4.5), SCALANCE XC206-2SFP G (All versions \u003c V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions \u003c V4.5), SCALANCE XC206-2SFP G EEC (All versions \u003c V4.5), SCALANCE XC208 (All versions \u003c V4.5), SCALANCE XC208EEC (All versions \u003c V4.5), SCALANCE XC208G (All versions \u003c V4.5), SCALANCE XC208G (EIP def.) (All versions \u003c V4.5), SCALANCE XC208G EEC (All versions \u003c V4.5), SCALANCE XC208G PoE (All versions \u003c V4.5), SCALANCE XC208G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC216 (All versions \u003c V4.5), SCALANCE XC216-3G PoE (All versions \u003c V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC216-4C (All versions \u003c V4.5), SCALANCE XC216-4C G (All versions \u003c V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions \u003c V4.5), SCALANCE XC216-4C G EEC (All versions \u003c V4.5), SCALANCE XC216EEC (All versions \u003c V4.5), SCALANCE XC224 (All versions \u003c V4.5), SCALANCE XC224-4C G (All versions \u003c V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions \u003c V4.5), SCALANCE XC224-4C G EEC (All versions \u003c V4.5), SCALANCE XF204 (All versions \u003c V4.5), SCALANCE XF204 DNA (All versions \u003c V4.5), SCALANCE XF204-2BA (All versions \u003c V4.5), SCALANCE XF204-2BA DNA (All versions \u003c V4.5), SCALANCE XP208 (All versions \u003c V4.5), SCALANCE XP208 (Ethernet/IP) (All versions \u003c V4.5), SCALANCE XP208EEC (All versions \u003c V4.5), SCALANCE XP208PoE EEC (All versions \u003c V4.5), SCALANCE XP216 (All versions \u003c V4.5), SCALANCE XP216 (Ethernet/IP) (All versions \u003c V4.5), SCALANCE XP216EEC (All versions \u003c V4.5), SCALANCE XP216POE EEC (All versions \u003c V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions \u003c V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions \u003c V4.5), SCALANCE XR326-2C PoE WG (All versions \u003c V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions \u003c V4.5), SIPLUS NET SCALANCE XC206-2 (All versions \u003c V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions \u003c V4.5), SIPLUS NET SCALANCE XC208 (All versions \u003c V4.5), SIPLUS NET SCALANCE XC216-4C (All versions \u003c V4.5)", "sources": [ { "db": "NVD", "id": "CVE-2023-44318" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "VULMON", "id": "CVE-2023-44318" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-44318", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-699386", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-180704", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-690517", "trust": 1.0 }, { "db": "SIEMENS", "id": "SSA-353002", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-320-08", "trust": 0.9 }, { "db": "JVN", "id": "JVNVU93250330", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98271228", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93656033", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-165-12", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-074-08", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-348-14", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-017962", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-86596", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-44318", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "VULMON", "id": "CVE-2023-44318" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "id": "VAR-202311-0435", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" } ], "trust": 1.2076912 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" } ] }, "last_update_date": "2024-08-14T13:07:52.663000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Multiple Siemens products use hard-coded encryption key vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/482171" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-321", "trust": 1.0 }, { "problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html" }, { "trust": 0.9, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98271228/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93656033/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93250330/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44318" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-14" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-08" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-12" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "VULMON", "id": "CVE-2023-44318" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-86596" }, { "db": "VULMON", "id": "CVE-2023-44318" }, { "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "db": "NVD", "id": "CVE-2023-44318" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-86596" }, { "date": "2023-11-14T00:00:00", "db": "VULMON", "id": "CVE-2023-44318" }, { "date": "2024-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "date": "2023-11-14T11:15:12.287000", "db": "NVD", "id": "CVE-2023-44318" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-86596" }, { "date": "2023-11-14T00:00:00", "db": "VULMON", "id": "CVE-2023-44318" }, { "date": "2024-06-17T05:32:00", "db": "JVNDB", "id": "JVNDB-2023-017962" }, { "date": "2024-06-11T09:15:14.333000", "db": "NVD", "id": "CVE-2023-44318" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities related to the use of hardcoded encryption keys in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-017962" } ], "trust": 0.8 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.