PT-2023-6995 · Siemens · SCALANCE MUM856-1 +16

Published: 2023-11-14 · Updated: 2024-09-10 · CVE-2023-44373

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM RM1224 LTE(4G) EU versions < V8.0
RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.0
SCALANCE M804PB versions < V8.0
SCALANCE M812-1 ADSL-Router versions < V8.0
SCALANCE M816-1 ADSL-Router versions < V8.0
SCALANCE M826-2 SHDSL-Router versions < V8.0
SCALANCE M874-2 versions < V8.0
SCALANCE M874-3 versions < V8.0
SCALANCE M876-3 versions < V8.0
SCALANCE M876-4 versions < V8.0
SCALANCE MUM853-1 (EU) versions < V8.0
SCALANCE MUM856-1 (EU) versions < V8.0
SCALANCE MUM856-1 (RoW) versions < V8.0
SCALANCE S615 EEC LAN-Router versions < V8.0
SCALANCE S615 LAN-Router versions < V8.0
SCALANCE WAB762-1 versions < V2.4.0
SCALANCE WAM763-1 versions < V2.4.0
SCALANCE WAM766-1 versions < V2.4.0
SCALANCE WUB762-1 versions < V2.4.0
SCALANCE WUM763-1 versions < V2.4.0
SCALANCE WUM766-1 versions < V2.4.0
SCALANCE XB205-3 (SC, PN) versions < V4.5
SCALANCE XB205-3 (ST, E/IP) versions < V4.5

Description

A vulnerability has been identified in the affected devices, which do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. The vulnerability exists due to the lack of measures to neutralize special elements. Exploitation of the vulnerability may allow a remote attacker to disable user notifications.

Recommendations

For RUGGEDCOM RM1224 LTE(4G) EU versions < V8.0, update to version V8.0 or later.
For RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.0, update to version V8.0 or later.
For SCALANCE M804PB versions < V8.0, update to version V8.0 or later.
For SCALANCE M812-1 ADSL-Router versions < V8.0, update to version V8.0 or later.
For SCALANCE M816-1 ADSL-Router versions < V8.0, update to version V8.0 or later.
For SCALANCE M826-2 SHDSL-Router versions < V8.0, update to version V8.0 or later.
For SCALANCE M874-2 versions < V8.0, update to version V8.0 or later.
For SCALANCE M874-3 versions < V8.0, update to version V8.0 or later.
For SCALANCE M876-3 versions < V8.0, update to version V8.0 or later.
For SCALANCE M876-4 versions < V8.0, update to version V8.0 or later.
For SCALANCE MUM853-1 (EU) versions < V8.0, update to version V8.0 or later.
For SCALANCE MUM856-1 (EU) versions < V8.0, update to version V8.0 or later.
For SCALANCE MUM856-1 (RoW) versions < V8.0, update to version V8.0 or later.
For SCALANCE S615 EEC LAN-Router versions < V8.0, update to version V8.0 or later.
For SCALANCE S615 LAN-Router versions < V8.0, update to version V8.0 or later.
For SCALANCE WAB762-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE WAM763-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE WAM766-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE WUB762-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE WUM763-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE WUM766-1 versions < V2.4.0, update to version V2.4.0 or later.
For SCALANCE XB205-3 (SC, PN) versions < V4.5, update to version V4.5 or later.
For SCALANCE XB205-3 (ST, E/IP) versions < V4.5, update to version V4.5 or later.

As a temporary workaround, consider disabling the input field that is not properly sanitized until a patch is available. Restrict access to the affected devices to minimize the risk of exploitation. Avoid using the vulnerable input field in the affected API endpoints until the issue is resolved.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08014
CVE-2023-44373

Affected Products

RUGGEDCOM RM1224 LTE(4G) EU
RUGGEDCOM RM1224 LTE(4G) NAM
SCALANCE M804PB
SCALANCE M812-1 ADSL-Router
SCALANCE M816-1 ADSL-Router
SCALANCE M826-2 SHDSL-Router
SCALANCE M874-2
SCALANCE M874-3
SCALANCE M876-3
SCALANCE M876-4
SCALANCE MUM853-1
SCALANCE MUM856-1
SCALANCE S615 EEC LAN-Router
SCALANCE WAB762-1
SCALANCE WAM763-1
SCALANCE WAM766-1
SCALANCE XB205-3