PT-2023-6989 · Siemens · Scalance M876-3+15
Published
2023-11-14
·
Updated
2025-01-15
·
CVE-2023-44317
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM RM1224 LTE(4G) EU versions < V7.2.2
RUGGEDCOM RM1224 LTE(4G) NAM versions < V7.2.2
SCALANCE M804PB versions < V7.2.2
SCALANCE M812-1 ADSL-Router versions < V7.2.2
SCALANCE M816-1 ADSL-Router versions < V7.2.2
SCALANCE M826-2 SHDSL-Router versions < V7.2.2
SCALANCE M874-2 versions < V7.2.2
SCALANCE M874-3 versions < V7.2.2
SCALANCE M876-3 versions < V7.2.2
SCALANCE M876-4 versions < V7.2.2
SCALANCE MUM853-1 versions < V7.2.2
SCALANCE MUM856-1 versions < V7.2.2
SCALANCE S615 EEC LAN-Router versions < V7.2.2
SCALANCE S615 LAN-Router versions < V7.2.2
SCALANCE WAB762-1 versions < V3.0.0
SCALANCE WAM763-1 versions < V3.0.0
SCALANCE WAM766-1 versions < V3.0.0
SCALANCE WUB762-1 versions < V3.0.0
SCALANCE WUM763-1 versions < V3.0.0
SCALANCE WUM766-1 versions < V3.0.0
SCALANCE XB205-3 versions < V4.5
Description
The issue is related to the improper validation of the content of uploaded X509 certificates, which could allow an attacker with administrative privileges to execute arbitrary code on the device. This is due to the loading of external untrusted data together with trusted data.
Recommendations
For RUGGEDCOM RM1224 LTE(4G) EU versions < V7.2.2, update to version V7.2.2 or later.
For RUGGEDCOM RM1224 LTE(4G) NAM versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M804PB versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M812-1 ADSL-Router versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M816-1 ADSL-Router versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M826-2 SHDSL-Router versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M874-2 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M874-3 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M876-3 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE M876-4 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE MUM853-1 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE MUM856-1 versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE S615 EEC LAN-Router versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE S615 LAN-Router versions < V7.2.2, update to version V7.2.2 or later.
For SCALANCE WAB762-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE WAM763-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE WAM766-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE WUB762-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE WUM763-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE WUM766-1 versions < V3.0.0, update to version V3.0.0 or later.
For SCALANCE XB205-3 versions < V4.5, update to version V4.5 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruggedcom Rm1224
Scalance M804Pb
Scalance M812-1
Scalance M816-1
Scalance M826-2
Scalance M874-2
Scalance M874-3
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615
Scalance Wab762-1
Scalance Wam763-1
Scalance Wam766-1
Scalance Xb205-3