CVE-2023-44374
F5 Networks Privilege Escalation Vulnerability
Description
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges.
INFO
Published Date :
Nov. 14, 2023, 11:15 a.m.
Last Modified :
Sept. 10, 2024, 10:15 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
2.8
Affected Products
The following products are affected by CVE-2023-44374
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-44374
.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-44374
vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-44374
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Sep. 10, 2024
Action Type Old Value New Value Changed Description A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. -
CVE Modified by [email protected]
Aug. 13, 2024
Action Type Old Value New Value Changed Description Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. -
CVE Modified by [email protected]
Jun. 11, 2024
Action Type Old Value New Value Added Reference Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-690517.html [No types assigned] -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Mar. 12, 2024
Action Type Old Value New Value Changed Description A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. Added Reference Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-699386.html [No types assigned] Added Reference Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-180704.html [No types assigned] -
CVE Modified by [email protected]
Dec. 12, 2023
Action Type Old Value New Value Changed Description A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. Added Reference Siemens AG https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf [No types assigned] -
Initial Analysis by [email protected]
Nov. 28, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf Vendor Advisory Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bb00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bb00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bb00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bb00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bd00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bd00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bd00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bd00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bf00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (including) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bf00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5205-3bf00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5205-3bf00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ba00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ba00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bd00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bd00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bd00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bd00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bb00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bb00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bb00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bb00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bf00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bf00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5213-3bf00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5213-3bf00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ba00-2tb2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2tb2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ba00-2ab2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2ab2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2bd00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bd00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2bb00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bb00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2rs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2rs00-5ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-5ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2rs00-5fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2rs00-5fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2bs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2bs00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2bs00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2gs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2gs00-2tc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2tc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ba00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ba00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ga00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ga00-2tc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ga00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ra00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ba00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-3rs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-3rs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-3rs00-5ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-3rs00-5ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-4bs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4bs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-4gs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-4gs00-2tc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2tc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-4gs00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-4gs00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ba00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ba00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5224-0ba00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-0ba00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5224-4gs00-2ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5224-4gs00-2tc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2tc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5224-4gs00-2fc2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5224-4gs00-2fc2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5204-0ba00-2gf2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-0ba00-2gf2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5204-0ba00-2yf2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-0ba00-2yf2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5204-2aa00-2gf2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-2aa00-2gf2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5204-2aa00-2yf2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5204-2aa00-2yf2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ha00-2as6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2as6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ha00-2ts6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2ts6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ha00-2es6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ha00-2es6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5208-0ua00-5es6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5208-0ua00-5es6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ha00-2as6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2as6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ha00-2ts6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2ts6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ha00-2es6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ha00-2es6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5216-0ua00-5es6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5216-0ua00-5es6:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5324-0ba00-3ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5324-0ba00-3ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5324-0ba00-2ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5324-0ba00-2ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5326-2qs00-3ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5326-2qs00-3ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5326-2qs00-3rr3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5326-2qs00-3rr3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4fs00-3ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-3ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4fs00-3rr3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-3rr3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4fs00-2ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-2ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4fs00-2rr3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4fs00-2rr3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4ss00-3ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4ss00-3ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6gk5328-4ss00-2ar3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6gk5328-4ss00-2ar3:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6ag1206-2bb00-7ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1206-2bb00-7ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6ag1206-2bs00-7ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1206-2bs00-7ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6ag1208-0ba00-7ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1208-0ba00-7ac2:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:siemens:6ag1216-4bs00-7ac2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5 OR cpe:2.3:h:siemens:6ag1216-4bs00-7ac2:-:*:*:*:*:*:*:* -
CVE Received by [email protected]
Nov. 14, 2023
Action Type Old Value New Value Added Description A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. Added Reference Siemens AG https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf [No types assigned] Added CWE Siemens AG CWE-567 Added CVSS V3.1 Siemens AG AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-44374
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-44374
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
0.14 }} 0.07%
score
0.50600
percentile