PT-2023-6996 · Siemens · Scalance Wam763-1+15

Published

2023-11-14

·

Updated

2025-01-15

·

CVE-2023-44374

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions RUGGEDCOM RM1224 LTE(4G) EU versions < V8.0 RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.0 SCALANCE M804PB versions < V8.0 SCALANCE M812-1 ADSL-Router versions < V8.0 SCALANCE M816-1 ADSL-Router versions < V8.0 SCALANCE M826-2 SHDSL-Router versions < V8.0 SCALANCE M874-2 versions < V8.0 SCALANCE M874-3 versions < V8.0 SCALANCE M876-3 versions < V8.0 SCALANCE M876-4 versions < V8.0 SCALANCE MUM853-1 versions < V8.0 SCALANCE MUM856-1 versions < V8.0 SCALANCE S615 EEC LAN-Router versions < V8.0 SCALANCE S615 LAN-Router versions < V8.0 SCALANCE WAB762-1 versions < V3.0.0 SCALANCE WAM763-1 versions < V3.0.0 SCALANCE WAM766-1 versions < V3.0.0 SCALANCE WUB762-1 versions < V3.0.0 SCALANCE WUM763-1 versions < V3.0.0 SCALANCE WUM766-1 versions < V3.0.0 SCALANCE XB205-3 versions < V4.5
Description A vulnerability has been identified that allows an authenticated attacker to change the password of another user, potentially an admin user, under certain conditions. This could allow the attacker to escalate privileges. The issue is related to insufficient checks on which password is to be changed. The vulnerability is also associated with unsynchronized access to shared data in a multithreaded context, which could allow a remote attacker to elevate their privileges.
Recommendations For RUGGEDCOM RM1224 LTE(4G) EU versions < V8.0, update to version V8.0 or later. For RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.0, update to version V8.0 or later. For SCALANCE M804PB versions < V8.0, update to version V8.0 or later. For SCALANCE M812-1 ADSL-Router versions < V8.0, update to version V8.0 or later. For SCALANCE M816-1 ADSL-Router versions < V8.0, update to version V8.0 or later. For SCALANCE M826-2 SHDSL-Router versions < V8.0, update to version V8.0 or later. For SCALANCE M874-2 versions < V8.0, update to version V8.0 or later. For SCALANCE M874-3 versions < V8.0, update to version V8.0 or later. For SCALANCE M876-3 versions < V8.0, update to version V8.0 or later. For SCALANCE M876-4 versions < V8.0, update to version V8.0 or later. For SCALANCE MUM853-1 versions < V8.0, update to version V8.0 or later. For SCALANCE MUM856-1 versions < V8.0, update to version V8.0 or later. For SCALANCE S615 EEC LAN-Router versions < V8.0, update to version V8.0 or later. For SCALANCE S615 LAN-Router versions < V8.0, update to version V8.0 or later. For SCALANCE WAB762-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE WAM763-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE WAM766-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE WUB762-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE WUM763-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE WUM766-1 versions < V3.0.0, update to version V3.0.0 or later. For SCALANCE XB205-3 versions < V4.5, update to version V4.5 or later. As a temporary workaround, consider restricting access to password change functionality until a patch is available.

Fix

Weakness Enumeration

CWE-567

Related Identifiers

BDU:2023-08015
CVE-2023-44374

Affected Products

Ruggedcom Rm1224
Scalance M804Pb
Scalance M812-1
Scalance M816-1
Scalance M826-2
Scalance M874-2
Scalance M874-3
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615
Scalance Wab762-1
Scalance Wam763-1
Scalance Wam766-1
Scalance Xb205-3