CVE-2023-44318

Summary

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.

Affected Software

VendorProductVersion RangeStatus
SiemensRUGGEDCOM RM1224 LTE(4G) EU0 < *affected
SiemensRUGGEDCOM RM1224 LTE(4G) NAM0 < *affected
SiemensSCALANCE M804PB0 < *affected
SiemensSCALANCE M812-1 ADSL-Router0 < *affected
SiemensSCALANCE M812-1 ADSL-Router0 < *affected
SiemensSCALANCE M816-1 ADSL-Router0 < *affected
SiemensSCALANCE M816-1 ADSL-Router0 < *affected
SiemensSCALANCE M826-2 SHDSL-Router0 < *affected
SiemensSCALANCE M874-20 < *affected
SiemensSCALANCE M874-30 < *affected
SiemensSCALANCE M876-30 < *affected
SiemensSCALANCE M876-3 (ROK)0 < *affected
SiemensSCALANCE M876-40 < *affected
SiemensSCALANCE M876-4 (EU)0 < *affected
SiemensSCALANCE M876-4 (NAM)0 < *affected
SiemensSCALANCE MUM853-1 (EU)0 < *affected
SiemensSCALANCE MUM856-1 (EU)0 < *affected
SiemensSCALANCE MUM856-1 (RoW)0 < *affected
SiemensSCALANCE S615 EEC LAN-Router0 < *affected
SiemensSCALANCE S615 LAN-Router0 < *affected
SiemensSCALANCE XB205-3 (SC, PN)0 < *affected
SiemensSCALANCE XB205-3 (ST, E/IP)0 < *affected
SiemensSCALANCE XB205-3 (ST, E/IP)0 < *affected
SiemensSCALANCE XB205-3 (ST, PN)0 < *affected
SiemensSCALANCE XB205-3LD (SC, E/IP)0 < *affected
SiemensSCALANCE XB205-3LD (SC, PN)0 < *affected
SiemensSCALANCE XB206-2 (SC)0 < *affected
SiemensSCALANCE XB206-2 (ST/BFOC)0 < *affected
SiemensSCALANCE XB206-2 LD0 < *affected
SiemensSCALANCE XB206-2 SC0 < *affected
SiemensSCALANCE XB206-2 ST0 < *affected
SiemensSCALANCE XB206-2LD0 < *affected
SiemensSCALANCE XB208 (E/IP)0 < *affected
SiemensSCALANCE XB208 (PN)0 < *affected
SiemensSCALANCE XB213-3 (SC, E/IP)0 < *affected
SiemensSCALANCE XB213-3 (SC, PN)0 < *affected
SiemensSCALANCE XB213-3 (ST, E/IP)0 < *affected
SiemensSCALANCE XB213-3 (ST, PN)0 < *affected
SiemensSCALANCE XB213-3LD (SC, E/IP)0 < *affected
SiemensSCALANCE XB213-3LD (SC, PN)0 < *affected
SiemensSCALANCE XB216 (E/IP)0 < *affected
SiemensSCALANCE XB216 (PN)0 < *affected
SiemensSCALANCE XC206-2 (SC)0 < *affected
SiemensSCALANCE XC206-2 (ST/BFOC)0 < *affected
SiemensSCALANCE XC206-2G PoE0 < *affected
SiemensSCALANCE XC206-2G PoE (54 V DC)0 < *affected
SiemensSCALANCE XC206-2G PoE EEC (54 V DC)0 < *affected
SiemensSCALANCE XC206-2SFP0 < *affected
SiemensSCALANCE XC206-2SFP EEC0 < *affected
SiemensSCALANCE XC206-2SFP G0 < *affected
SiemensSCALANCE XC206-2SFP G (EIP DEF.)0 < *affected
SiemensSCALANCE XC206-2SFP G EEC0 < *affected
SiemensSCALANCE XC2080 < *affected
SiemensSCALANCE XC208EEC0 < *affected
SiemensSCALANCE XC208G0 < *affected
SiemensSCALANCE XC208G (EIP def.)0 < *affected
SiemensSCALANCE XC208G EEC0 < *affected
SiemensSCALANCE XC208G PoE0 < *affected
SiemensSCALANCE XC208G PoE (54 V DC)0 < *affected
SiemensSCALANCE XC2160 < *affected
SiemensSCALANCE XC216-3G PoE0 < *affected
SiemensSCALANCE XC216-3G PoE (54 V DC)0 < *affected
SiemensSCALANCE XC216-4C0 < *affected
SiemensSCALANCE XC216-4C G0 < *affected
SiemensSCALANCE XC216-4C G (EIP Def.)0 < *affected
SiemensSCALANCE XC216-4C G EEC0 < *affected
SiemensSCALANCE XC216EEC0 < *affected
SiemensSCALANCE XC2240 < *affected
SiemensSCALANCE XC224-4C G0 < *affected
SiemensSCALANCE XC224-4C G (EIP Def.)0 < *affected
SiemensSCALANCE XC224-4C G EEC0 < *affected
SiemensSCALANCE XF2040 < *affected
SiemensSCALANCE XF204 DNA0 < *affected
SiemensSCALANCE XF204-2BA0 < *affected
SiemensSCALANCE XF204-2BA DNA0 < *affected
SiemensSCALANCE XF204G0 < *affected
SiemensSCALANCE XP2080 < *affected
SiemensSCALANCE XP2080 < *affected
SiemensSCALANCE XP208 (Ethernet/IP)0 < *affected
SiemensSCALANCE XP208EEC0 < *affected
SiemensSCALANCE XP208EEC0 < *affected
SiemensSCALANCE XP208G0 < *affected
SiemensSCALANCE XP208G EEC0 < *affected
SiemensSCALANCE XP208G PoE EEC0 < *affected
SiemensSCALANCE XP208G PP0 < *affected
SiemensSCALANCE XP208PoE EEC0 < *affected
SiemensSCALANCE XP208PoE EEC0 < *affected
SiemensSCALANCE XP2160 < *affected
SiemensSCALANCE XP216 (Ethernet/IP)0 < *affected
SiemensSCALANCE XP216 (V2)0 < *affected
SiemensSCALANCE XP216EEC0 < *affected
SiemensSCALANCE XP216EEC (V2)0 < *affected
SiemensSCALANCE XP216G0 < *affected
SiemensSCALANCE XP216G EEC0 < *affected
SiemensSCALANCE XP216G PoE EEC0 < *affected
SiemensSCALANCE XP216POE EEC0 < *affected
SiemensSCALANCE XP216PoE EEC (V2)0 < *affected
SiemensSCALANCE XR324WG (24 x FE, AC 230V)0 < *affected
SiemensSCALANCE XR324WG (24 X FE, DC 24V)0 < *affected
SiemensSCALANCE XR326-2C PoE WG0 < *affected
SiemensSCALANCE XR326-2C PoE WG (without UL)0 < *affected
SiemensSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)0 < *affected
SiemensSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)0 < *affected
SiemensSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)0 < *affected
SiemensSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)0 < *affected
SiemensSCALANCE XR328-4C WG (28xGE, AC 230V)0 < *affected
SiemensSCALANCE XR328-4C WG (28xGE, DC 24V)0 < *affected
SiemensSIPLUS NET SCALANCE XC206-20 < *affected
SiemensSIPLUS NET SCALANCE XC206-2SFP0 < *affected
SiemensSIPLUS NET SCALANCE XC2080 < *affected
SiemensSIPLUS NET SCALANCE XC216-4C0 < *affected

Weaknesses

  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References