CVE-2023-44320

4.3

MEDIUM

Apache HTTP Server Cross-Site Scripting (XSS)

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

INFO

Published Date :

Nov. 14, 2023, 11:15 a.m.

Last Modified :

Aug. 13, 2024, 8:15 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

2.8

Affected Products

The following products are affected by CVE-2023-44320 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Siemens	scalance_s615_firmware
2	Siemens	scalance_sc632-2c_firmware
3	Siemens	scalance_sc636-2c_firmware
4	Siemens	scalance_sc642-2c_firmware
5	Siemens	scalance_sc646-2c_firmware
6	Siemens	scalance_sc622-2c_firmware
7	Siemens	scalance_xf204_firmware
8	Siemens	scalance_m804pb_firmware
9	Siemens	scalance_m874-2_firmware
10	Siemens	scalance_m874-3_firmware
11	Siemens	scalance_m876-3_firmware
12	Siemens	scalance_m876-4_firmware
13	Siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware
14	Siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware
15	Siemens	scalance_m812-1_adsl-router_firmware
16	Siemens	scalance_m816-1_adsl-router_firmware
17	Siemens	scalance_m826-2_shdsl-router_firmware
18	Siemens	scalance_s615_eec_firmware
19	Siemens	scalance_sc626-2c_firmware
20	Siemens	scalance_xc206-2g_poe_firmware
21	Siemens	scalance_xc206-2sfp_firmware
22	Siemens	scalance_xc206-2sfp_eec_firmware
23	Siemens	scalance_xc206-2sfp_g_firmware
24	Siemens	scalance_xc206-2sfp_g_eec_firmware
25	Siemens	scalance_xc208_firmware
26	Siemens	scalance_xc216_firmware
27	Siemens	scalance_xc216-3g_poe_firmware
28	Siemens	scalance_xc216-4c_firmware
29	Siemens	scalance_xc216-4c_g_firmware
30	Siemens	scalance_xc216-4c_g_eec_firmware
31	Siemens	scalance_xc216eec_firmware
32	Siemens	scalance_xc224_firmware
33	Siemens	scalance_xc224-4c_g_firmware
34	Siemens	scalance_xc224-4c_g_eec_firmware
35	Siemens	scalance_xf204_dna_firmware
36	Siemens	scalance_xf204-2ba_firmware
37	Siemens	scalance_xp208_firmware
38	Siemens	scalance_xp208eec_firmware
39	Siemens	scalance_xp208poe_eec_firmware
40	Siemens	scalance_xp216_firmware
41	Siemens	scalance_xp216eec_firmware
42	Siemens	scalance_xp216poe_eec_firmware
43	Siemens	siplus_net_scalance_xc206-2_firmware
44	Siemens	siplus_net_scalance_xc206-2sfp_firmware
45	Siemens	siplus_net_scalance_xc208_firmware
46	Siemens	siplus_net_scalance_xc216-4c_firmware
47	Siemens	scalance_xc208eec_firmware
48	Siemens	scalance_xc208g_firmware
49	Siemens	scalance_xc208g_eec_firmware
50	Siemens	scalance_xc208g_poe_firmware
51	Siemens	scalance_xf204-2ba_dna_firmware
52	Siemens	scalance_xr326-2c_poe_wg_firmware
53	Siemens	6gk5205-3bb00-2ab2_firmware
54	Siemens	6gk5205-3bb00-2tb2_firmware
55	Siemens	6gk5205-3bd00-2tb2_firmware
56	Siemens	6gk5205-3bd00-2ab2_firmware
57	Siemens	6gk5205-3bf00-2tb2_firmware
58	Siemens	6gk5205-3bf00-2ab2_firmware
59	Siemens	6gk5208-0ba00-2tb2_firmware
60	Siemens	6gk5208-0ba00-2ab2_firmware
61	Siemens	6gk5213-3bd00-2tb2_firmware
62	Siemens	6gk5213-3bd00-2ab2_firmware
63	Siemens	6gk5213-3bb00-2tb2_firmware
64	Siemens	6gk5213-3bb00-2ab2_firmware
65	Siemens	6gk5213-3bf00-2tb2_firmware
66	Siemens	6gk5213-3bf00-2ab2_firmware
67	Siemens	6gk5216-0ba00-2tb2_firmware
68	Siemens	6gk5216-0ba00-2ab2_firmware
69	Siemens	6gk5206-2bd00-2ac2_firmware
70	Siemens	6gk5206-2bb00-2ac2_firmware
71	Siemens	6gk5206-2rs00-2ac2_firmware
72	Siemens	6gk5206-2rs00-5ac2_firmware
73	Siemens	6gk5206-2rs00-5fc2_firmware
74	Siemens	6gk5206-2bs00-2ac2_firmware
75	Siemens	6gk5206-2bs00-2fc2_firmware
76	Siemens	6gk5206-2gs00-2ac2_firmware
77	Siemens	6gk5206-2gs00-2tc2_firmware
78	Siemens	6gk5206-2gs00-2fc2_firmware
79	Siemens	6gk5208-0ba00-2ac2_firmware
80	Siemens	6gk5208-0ba00-2fc2_firmware
81	Siemens	6gk5208-0ga00-2ac2_firmware
82	Siemens	6gk5208-0ga00-2tc2_firmware
83	Siemens	6gk5208-0ga00-2fc2_firmware
84	Siemens	6gk5208-0ra00-2ac2_firmware
85	Siemens	6gk5208-0ra00-5ac2_firmware
86	Siemens	6gk5216-0ba00-2ac2_firmware
87	Siemens	6gk5216-3rs00-2ac2_firmware
88	Siemens	6gk5216-3rs00-5ac2_firmware
89	Siemens	6gk5216-4bs00-2ac2_firmware
90	Siemens	6gk5216-4gs00-2ac2_firmware
91	Siemens	6gk5216-4gs00-2tc2_firmware
92	Siemens	6gk5216-4gs00-2fc2_firmware
93	Siemens	6gk5216-0ba00-2fc2_firmware
94	Siemens	6gk5224-0ba00-2ac2_firmware
95	Siemens	6gk5224-4gs00-2ac2_firmware
96	Siemens	6gk5224-4gs00-2tc2_firmware
97	Siemens	6gk5224-4gs00-2fc2_firmware
98	Siemens	6gk5204-0ba00-2gf2_firmware
99	Siemens	6gk5204-0ba00-2yf2_firmware
100	Siemens	6gk5204-2aa00-2gf2_firmware
101	Siemens	6gk5204-2aa00-2yf2_firmware
102	Siemens	6gk5208-0ha00-2as6_firmware
103	Siemens	6gk5208-0ha00-2ts6_firmware
104	Siemens	6gk5208-0ha00-2es6_firmware
105	Siemens	6gk5208-0ua00-5es6_firmware
106	Siemens	6gk5216-0ha00-2as6_firmware
107	Siemens	6gk5216-0ha00-2ts6_firmware
108	Siemens	6gk5216-0ha00-2es6_firmware
109	Siemens	6gk5216-0ua00-5es6_firmware
110	Siemens	6gk5324-0ba00-3ar3_firmware
111	Siemens	6gk5324-0ba00-2ar3_firmware
112	Siemens	6gk5326-2qs00-3ar3_firmware
113	Siemens	6gk5326-2qs00-3rr3_firmware
114	Siemens	6gk5328-4fs00-3ar3_firmware
115	Siemens	6gk5328-4fs00-3rr3_firmware
116	Siemens	6gk5328-4fs00-2ar3_firmware
117	Siemens	6gk5328-4fs00-2rr3_firmware
118	Siemens	6gk5328-4ss00-3ar3_firmware
119	Siemens	6gk5328-4ss00-2ar3_firmware
120	Siemens	6ag1206-2bb00-7ac2_firmware
121	Siemens	6ag1206-2bs00-7ac2_firmware
122	Siemens	6ag1208-0ba00-7ac2_firmware
123	Siemens	6ag1216-4bs00-7ac2_firmware
124	Siemens	scalance_xb208_\(e\/ip\)_firmware
125	Siemens	scalance_xb208_\(pn\)_firmware
126	Siemens	scalance_xb216_\(e\/ip\)_firmware
127	Siemens	scalance_xb216_\(pn\)_firmware
128	Siemens	scalance_xc206-2_\(sc\)_firmware
129	Siemens	scalance_xc206-2_\(st\/bfoc\)_firmware
130	Siemens	scalance_xc206-2g_poe_\(54_v_dc\)_firmware
131	Siemens	scalance_xc206-2g_poe_eec_\(54_v_dc\)_firmware
132	Siemens	scalance_xc206-2sfp_g_\(eip_def.\)_firmware
133	Siemens	scalance_xc208g_\(eip_def.\)_firmware
134	Siemens	scalance_xc208g_poe_\(54_v_dc\)_firmware
135	Siemens	scalance_xc216-3g_poe_\(54_v_dc\)_firmware
136	Siemens	scalance_xc216-4c_g_\(eip_def.\)_firmware
137	Siemens	scalance_xc224-4c_g_\(eip_def.\)_firmware
138	Siemens	scalance_xp208_\(ethernet\/ip\)_firmware
139	Siemens	scalance_xp216_\(ethernet\/ip\)_firmware
140	Siemens	scalance_xr326-2c_poe_wg_\(without_ul\)_firmware
141	Siemens	6gk5205-3bb00-2ab2
142	Siemens	6gk5205-3bb00-2tb2
143	Siemens	6gk5205-3bd00-2tb2
144	Siemens	6gk5205-3bd00-2ab2
145	Siemens	6gk5205-3bf00-2tb2
146	Siemens	6gk5205-3bf00-2ab2
147	Siemens	6gk5208-0ba00-2tb2
148	Siemens	6gk5208-0ba00-2ab2
149	Siemens	6gk5213-3bd00-2tb2
150	Siemens	6gk5213-3bd00-2ab2
151	Siemens	6gk5213-3bb00-2tb2
152	Siemens	6gk5213-3bb00-2ab2
153	Siemens	6gk5213-3bf00-2tb2
154	Siemens	6gk5213-3bf00-2ab2
155	Siemens	6gk5216-0ba00-2tb2
156	Siemens	6gk5216-0ba00-2ab2
157	Siemens	6gk5206-2bd00-2ac2
158	Siemens	6gk5206-2bb00-2ac2
159	Siemens	6gk5206-2rs00-2ac2
160	Siemens	6gk5206-2rs00-5ac2
161	Siemens	6gk5206-2rs00-5fc2
162	Siemens	6gk5206-2bs00-2ac2
163	Siemens	6gk5206-2bs00-2fc2
164	Siemens	6gk5206-2gs00-2ac2
165	Siemens	6gk5206-2gs00-2tc2
166	Siemens	6gk5206-2gs00-2fc2
167	Siemens	6gk5208-0ba00-2ac2
168	Siemens	6gk5208-0ba00-2fc2
169	Siemens	6gk5208-0ga00-2ac2
170	Siemens	6gk5208-0ga00-2tc2
171	Siemens	6gk5208-0ga00-2fc2
172	Siemens	6gk5208-0ra00-2ac2
173	Siemens	6gk5208-0ra00-5ac2
174	Siemens	6gk5216-0ba00-2ac2
175	Siemens	6gk5216-3rs00-2ac2
176	Siemens	6gk5216-3rs00-5ac2
177	Siemens	6gk5216-4bs00-2ac2
178	Siemens	6gk5216-4gs00-2ac2
179	Siemens	6gk5216-4gs00-2tc2
180	Siemens	6gk5216-4gs00-2fc2
181	Siemens	6gk5216-0ba00-2fc2
182	Siemens	6gk5224-0ba00-2ac2
183	Siemens	6gk5224-4gs00-2ac2
184	Siemens	6gk5224-4gs00-2tc2
185	Siemens	6gk5224-4gs00-2fc2
186	Siemens	6gk5204-0ba00-2gf2
187	Siemens	6gk5204-0ba00-2yf2
188	Siemens	6gk5204-2aa00-2gf2
189	Siemens	6gk5204-2aa00-2yf2
190	Siemens	6gk5208-0ha00-2as6
191	Siemens	6gk5208-0ha00-2ts6
192	Siemens	6gk5208-0ha00-2es6
193	Siemens	6gk5208-0ua00-5es6
194	Siemens	6gk5216-0ha00-2as6
195	Siemens	6gk5216-0ha00-2ts6
196	Siemens	6gk5216-0ha00-2es6
197	Siemens	6gk5216-0ua00-5es6
198	Siemens	6gk5324-0ba00-3ar3
199	Siemens	6gk5324-0ba00-2ar3
200	Siemens	6gk5326-2qs00-3ar3
201	Siemens	6gk5326-2qs00-3rr3
202	Siemens	6gk5328-4fs00-3ar3
203	Siemens	6gk5328-4fs00-3rr3
204	Siemens	6gk5328-4fs00-2ar3
205	Siemens	6gk5328-4fs00-2rr3
206	Siemens	6gk5328-4ss00-3ar3
207	Siemens	6gk5328-4ss00-2ar3
208	Siemens	6ag1206-2bb00-7ac2
209	Siemens	6ag1206-2bs00-7ac2
210	Siemens	6ag1208-0ba00-7ac2
211	Siemens	6ag1216-4bs00-7ac2
212	Siemens	scalance_m876-3_\(rok\)_firmware
213	Siemens	scalance_m876-4_\(eu\)_firmware
214	Siemens	scalance_m876-4_\(nam\)_firmware
215	Siemens	scalance_mum853-1_\(eu\)_firmware
216	Siemens	scalance_mum856-1_\(eu\)_firmware
217	Siemens	scalance_mum856-1_\(row\)_firmware
218	Siemens	scalance_s615_eec_lan-router_firmware
219	Siemens	scalance_s615_lan-router_firmware

: Total Affected Vendor : 1 | Products : 219

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-44320.

URL	Resource
https://cert-portal.siemens.com/productcert/html/ssa-068047.html
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
https://cert-portal.siemens.com/productcert/html/ssa-602936.html
https://cert-portal.siemens.com/productcert/html/ssa-699386.html
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-44320 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-44320 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

Aug. 13, 2024

Action	Type	Old Value	New Value
Changed	Description	Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.	A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.
Added	Reference		Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-068047.html [No types assigned]

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

CVE Modified by [email protected]

Feb. 13, 2024

Action	Type	Old Value	New Value
Changed	Description	A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.	Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.
Added	Reference		Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-699386.html [No types assigned]
Added	Reference		Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-180704.html [No types assigned]
Added	Reference		Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-602936.html [No types assigned]

CVE Modified by [email protected]

Dec. 12, 2023

Action	Type	Old Value	New Value
Changed	Description	A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.	A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.
Added	Reference		Siemens AG https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf [No types assigned]

Initial Analysis by [email protected]

Nov. 28, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Changed	Reference Type	https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf No Types Assigned	https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf Vendor Advisory
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bb00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bb00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bb00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bb00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bd00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bd00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bd00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bd00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bf00-2tb2_firmware::::::::* versions up to (including) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bf00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5205-3bf00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bf00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ba00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ba00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bd00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bd00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bd00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bd00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bb00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bb00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bb00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bb00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bf00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bf00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5213-3bf00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bf00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ba00-2tb2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2tb2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ba00-2ab2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2ab2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2bd00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bd00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2bb00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bb00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2rs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2rs00-5ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-5ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2rs00-5fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-5fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2bs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2bs00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bs00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2gs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2gs00-2tc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2tc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ba00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ba00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ga00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ga00-2tc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ga00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ra00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ba00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-3rs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-3rs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-3rs00-5ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-3rs00-5ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-4bs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4bs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-4gs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-4gs00-2tc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2tc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-4gs00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ba00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5224-0ba00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-0ba00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5224-4gs00-2ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5224-4gs00-2tc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2tc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5224-4gs00-2fc2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2fc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5204-0ba00-2gf2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-0ba00-2gf2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5204-0ba00-2yf2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-0ba00-2yf2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5204-2aa00-2gf2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-2aa00-2gf2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5204-2aa00-2yf2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-2aa00-2yf2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ha00-2as6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2as6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ha00-2ts6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2ts6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ha00-2es6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2es6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5208-0ua00-5es6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ua00-5es6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ha00-2as6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2as6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ha00-2ts6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2ts6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ha00-2es6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2es6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5216-0ua00-5es6_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ua00-5es6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5324-0ba00-3ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5324-0ba00-3ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5324-0ba00-2ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5324-0ba00-2ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5326-2qs00-3ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5326-2qs00-3ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5326-2qs00-3rr3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5326-2qs00-3rr3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4fs00-3ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-3ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4fs00-3rr3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-3rr3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4fs00-2ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-2ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4fs00-2rr3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-2rr3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4ss00-3ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4ss00-3ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6gk5328-4ss00-2ar3_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4ss00-2ar3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6ag1206-2bb00-7ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1206-2bb00-7ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6ag1206-2bs00-7ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1206-2bs00-7ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6ag1208-0ba00-7ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1208-0ba00-7ac2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:6ag1216-4bs00-7ac2_firmware::::::::* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1216-4bs00-7ac2:-:::::::*

CVE Received by [email protected]

Nov. 14, 2023

Action	Type	New Value
Added	Description	A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.
Added	Reference	Siemens AG https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf [No types assigned]
Added	CWE	Siemens AG CWE-425
Added	CVSS V3.1	Siemens AG AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-44320 is associated with the following CWEs:

CWE-425: Direct Request ('Forced Browsing')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-44320 weaknesses.

CAPEC-87: Forceful Browsing Forceful Browsing CAPEC-127: Directory Indexing Directory Indexing CAPEC-143: Detect Unpublicized Web Pages Detect Unpublicized Web Pages CAPEC-144: Detect Unpublicized Web Services Detect Unpublicized Web Services CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB) Key Negotiation of Bluetooth Attack (KNOB)

CVE-2023-44320

Apache HTTP Server Cross-Site Scripting (XSS)

Description

INFO

Nov. 14, 2023, 11:15 a.m.

Aug. 13, 2024, 8:15 a.m.

[email protected]

Yes !

1.4

2.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.06 }} 0.01%

0.29083

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable