CVE-2023-44373
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU | 0 < V8.0 | affected |
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM | 0 < V8.0 | affected |
| Siemens | SCALANCE M804PB | 0 < V8.0 | affected |
| Siemens | SCALANCE M812-1 ADSL-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE M812-1 ADSL-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE M816-1 ADSL-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE M816-1 ADSL-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE M826-2 SHDSL-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE M874-2 | 0 < V8.0 | affected |
| Siemens | SCALANCE M874-3 | 0 < V8.0 | affected |
| Siemens | SCALANCE M876-3 | 0 < V8.0 | affected |
| Siemens | SCALANCE M876-3 (ROK) | 0 < V8.0 | affected |
| Siemens | SCALANCE M876-4 | 0 < V8.0 | affected |
| Siemens | SCALANCE M876-4 (EU) | 0 < V8.0 | affected |
| Siemens | SCALANCE M876-4 (NAM) | 0 < V8.0 | affected |
| Siemens | SCALANCE MUM853-1 (EU) | 0 < V8.0 | affected |
| Siemens | SCALANCE MUM856-1 (EU) | 0 < V8.0 | affected |
| Siemens | SCALANCE MUM856-1 (RoW) | 0 < V8.0 | affected |
| Siemens | SCALANCE S615 EEC LAN-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE S615 LAN-Router | 0 < V8.0 | affected |
| Siemens | SCALANCE W721-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W721-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W722-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W722-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W722-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W734-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W734-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W734-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W734-1 RJ45 (USA) | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W738-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W738-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W748-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W748-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W748-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W748-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W761-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W761-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W774-1 RJ45 (USA) | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W778-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W778-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W778-1 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W778-1 M12 EEC (USA) | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2 SFP | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2 SFP | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2IA RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W786-2IA RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-1 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-1 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 M12 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 M12 EEC | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE W788-2 RJ45 | 0 < V6.6.0 | affected |
| Siemens | SCALANCE WAB762-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM763-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM763-1 (ME) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM763-1 (US) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 (ME) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 (US) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC (ME) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC (US) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUB762-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUB762-1 iFeatures | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM763-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM763-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM763-1 (US) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM763-1 (US) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM766-1 | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM766-1 (ME) | 0 < V2.4.0 | affected |
| Siemens | SCALANCE WUM766-1 (USA) | 0 < V2.4.0 | affected |
Weaknesses
- CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- https://cert-portal.siemens.com/productcert/html/ssa-180704.html
- https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- https://cert-portal.siemens.com/productcert/html/ssa-180704.html
- https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
- https://cert-portal.siemens.com/productcert/html/ssa-721642.html
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.