CVE-2023-44318
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU | 0 < * | affected |
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM | 0 < * | affected |
| Siemens | SCALANCE M804PB | 0 < * | affected |
| Siemens | SCALANCE M812-1 ADSL-Router | 0 < * | affected |
| Siemens | SCALANCE M812-1 ADSL-Router | 0 < * | affected |
| Siemens | SCALANCE M816-1 ADSL-Router | 0 < * | affected |
| Siemens | SCALANCE M816-1 ADSL-Router | 0 < * | affected |
| Siemens | SCALANCE M826-2 SHDSL-Router | 0 < * | affected |
| Siemens | SCALANCE M874-2 | 0 < * | affected |
| Siemens | SCALANCE M874-3 | 0 < * | affected |
| Siemens | SCALANCE M876-3 | 0 < * | affected |
| Siemens | SCALANCE M876-3 (ROK) | 0 < * | affected |
| Siemens | SCALANCE M876-4 | 0 < * | affected |
| Siemens | SCALANCE M876-4 (EU) | 0 < * | affected |
| Siemens | SCALANCE M876-4 (NAM) | 0 < * | affected |
| Siemens | SCALANCE MUM853-1 (EU) | 0 < * | affected |
| Siemens | SCALANCE MUM856-1 (EU) | 0 < * | affected |
| Siemens | SCALANCE MUM856-1 (RoW) | 0 < * | affected |
| Siemens | SCALANCE S615 EEC LAN-Router | 0 < * | affected |
| Siemens | SCALANCE S615 LAN-Router | 0 < * | affected |
| Siemens | SCALANCE XB205-3 (SC, PN) | 0 < * | affected |
| Siemens | SCALANCE XB205-3 (ST, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB205-3 (ST, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB205-3 (ST, PN) | 0 < * | affected |
| Siemens | SCALANCE XB205-3LD (SC, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB205-3LD (SC, PN) | 0 < * | affected |
| Siemens | SCALANCE XB206-2 (SC) | 0 < * | affected |
| Siemens | SCALANCE XB206-2 (ST/BFOC) | 0 < * | affected |
| Siemens | SCALANCE XB206-2 LD | 0 < * | affected |
| Siemens | SCALANCE XB206-2 SC | 0 < * | affected |
| Siemens | SCALANCE XB206-2 ST | 0 < * | affected |
| Siemens | SCALANCE XB206-2LD | 0 < * | affected |
| Siemens | SCALANCE XB208 (E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB208 (PN) | 0 < * | affected |
| Siemens | SCALANCE XB213-3 (SC, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB213-3 (SC, PN) | 0 < * | affected |
| Siemens | SCALANCE XB213-3 (ST, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB213-3 (ST, PN) | 0 < * | affected |
| Siemens | SCALANCE XB213-3LD (SC, E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB213-3LD (SC, PN) | 0 < * | affected |
| Siemens | SCALANCE XB216 (E/IP) | 0 < * | affected |
| Siemens | SCALANCE XB216 (PN) | 0 < * | affected |
| Siemens | SCALANCE XC206-2 (SC) | 0 < * | affected |
| Siemens | SCALANCE XC206-2 (ST/BFOC) | 0 < * | affected |
| Siemens | SCALANCE XC206-2G PoE | 0 < * | affected |
| Siemens | SCALANCE XC206-2G PoE (54 V DC) | 0 < * | affected |
| Siemens | SCALANCE XC206-2G PoE EEC (54 V DC) | 0 < * | affected |
| Siemens | SCALANCE XC206-2SFP | 0 < * | affected |
| Siemens | SCALANCE XC206-2SFP EEC | 0 < * | affected |
| Siemens | SCALANCE XC206-2SFP G | 0 < * | affected |
| Siemens | SCALANCE XC206-2SFP G (EIP DEF.) | 0 < * | affected |
| Siemens | SCALANCE XC206-2SFP G EEC | 0 < * | affected |
| Siemens | SCALANCE XC208 | 0 < * | affected |
| Siemens | SCALANCE XC208EEC | 0 < * | affected |
| Siemens | SCALANCE XC208G | 0 < * | affected |
| Siemens | SCALANCE XC208G (EIP def.) | 0 < * | affected |
| Siemens | SCALANCE XC208G EEC | 0 < * | affected |
| Siemens | SCALANCE XC208G PoE | 0 < * | affected |
| Siemens | SCALANCE XC208G PoE (54 V DC) | 0 < * | affected |
| Siemens | SCALANCE XC216 | 0 < * | affected |
| Siemens | SCALANCE XC216-3G PoE | 0 < * | affected |
| Siemens | SCALANCE XC216-3G PoE (54 V DC) | 0 < * | affected |
| Siemens | SCALANCE XC216-4C | 0 < * | affected |
| Siemens | SCALANCE XC216-4C G | 0 < * | affected |
| Siemens | SCALANCE XC216-4C G (EIP Def.) | 0 < * | affected |
| Siemens | SCALANCE XC216-4C G EEC | 0 < * | affected |
| Siemens | SCALANCE XC216EEC | 0 < * | affected |
| Siemens | SCALANCE XC224 | 0 < * | affected |
| Siemens | SCALANCE XC224-4C G | 0 < * | affected |
| Siemens | SCALANCE XC224-4C G (EIP Def.) | 0 < * | affected |
| Siemens | SCALANCE XC224-4C G EEC | 0 < * | affected |
| Siemens | SCALANCE XF204 | 0 < * | affected |
| Siemens | SCALANCE XF204 DNA | 0 < * | affected |
| Siemens | SCALANCE XF204-2BA | 0 < * | affected |
| Siemens | SCALANCE XF204-2BA DNA | 0 < * | affected |
| Siemens | SCALANCE XF204G | 0 < * | affected |
| Siemens | SCALANCE XP208 | 0 < * | affected |
| Siemens | SCALANCE XP208 | 0 < * | affected |
| Siemens | SCALANCE XP208 (Ethernet/IP) | 0 < * | affected |
| Siemens | SCALANCE XP208EEC | 0 < * | affected |
| Siemens | SCALANCE XP208EEC | 0 < * | affected |
| Siemens | SCALANCE XP208G | 0 < * | affected |
| Siemens | SCALANCE XP208G EEC | 0 < * | affected |
| Siemens | SCALANCE XP208G PoE EEC | 0 < * | affected |
| Siemens | SCALANCE XP208G PP | 0 < * | affected |
| Siemens | SCALANCE XP208PoE EEC | 0 < * | affected |
| Siemens | SCALANCE XP208PoE EEC | 0 < * | affected |
| Siemens | SCALANCE XP216 | 0 < * | affected |
| Siemens | SCALANCE XP216 (Ethernet/IP) | 0 < * | affected |
| Siemens | SCALANCE XP216 (V2) | 0 < * | affected |
| Siemens | SCALANCE XP216EEC | 0 < * | affected |
| Siemens | SCALANCE XP216EEC (V2) | 0 < * | affected |
| Siemens | SCALANCE XP216G | 0 < * | affected |
| Siemens | SCALANCE XP216G EEC | 0 < * | affected |
| Siemens | SCALANCE XP216G PoE EEC | 0 < * | affected |
| Siemens | SCALANCE XP216POE EEC | 0 < * | affected |
| Siemens | SCALANCE XP216PoE EEC (V2) | 0 < * | affected |
| Siemens | SCALANCE XR324WG (24 x FE, AC 230V) | 0 < * | affected |
| Siemens | SCALANCE XR324WG (24 X FE, DC 24V) | 0 < * | affected |
| Siemens | SCALANCE XR326-2C PoE WG | 0 < * | affected |
| Siemens | SCALANCE XR326-2C PoE WG (without UL) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (28xGE, AC 230V) | 0 < * | affected |
| Siemens | SCALANCE XR328-4C WG (28xGE, DC 24V) | 0 < * | affected |
| Siemens | SIPLUS NET SCALANCE XC206-2 | 0 < * | affected |
| Siemens | SIPLUS NET SCALANCE XC206-2SFP | 0 < * | affected |
| Siemens | SIPLUS NET SCALANCE XC208 | 0 < * | affected |
| Siemens | SIPLUS NET SCALANCE XC216-4C | 0 < * | affected |
Weaknesses
- CWE-321: CWE-321: Use of Hard-coded Cryptographic Key
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-180704.html
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-180704.html
- https://cert-portal.siemens.com/productcert/html/ssa-353002.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.