PT-2023-7781 · Siemens · SCALANCE M826-2 SHDSL-Router +11
Published 2023-12-12 · Updated 2024-08-13 · CVE-2023-49691
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM RM1224 LTE(4G) EU versions prior to V8.0
RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V8.0
SCALANCE M804PB versions prior to V8.0
SCALANCE M812-1 ADSL-Router versions prior to V8.0
SCALANCE M816-1 ADSL-Router versions prior to V8.0
SCALANCE M826-2 SHDSL-Router versions prior to V8.0
SCALANCE M874-2 versions prior to V8.0
SCALANCE M874-3 versions prior to V8.0
SCALANCE M876-3 versions prior to V8.0
SCALANCE M876-4 versions prior to V8.0
SCALANCE MUM853-1 (EU) versions prior to V8.0
SCALANCE MUM856-1 (EU) versions prior to V8.0
SCALANCE MUM856-1 (RoW) versions prior to V8.0
SCALANCE S615 EEC LAN-Router versions prior to V8.0
SCALANCE S615 LAN-Router versions prior to V8.0
Description
The issue stems from insufficient checking of arguments passed to a command, which allows a remote attacker to execute arbitrary commands. The handling of the DDNS configuration also contains an OS command injection vulnerability (improper neutralization of special elements used in an OS command) in code that runs with root privileges, which could allow malicious local administrators to issue commands on the system level after a successful IP address update.
Recommendations
For RUGGEDCOM RM1224 LTE(4G) EU versions prior to V8.0, update to version V8.0 or later.
For RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M804PB versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M812-1 ADSL-Router versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M816-1 ADSL-Router versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M826-2 SHDSL-Router versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M874-2 versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M874-3 versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M876-3 versions prior to V8.0, update to version V8.0 or later.
For SCALANCE M876-4 versions prior to V8.0, update to version V8.0 or later.
For SCALANCE MUM853-1 (EU) versions prior to V8.0, update to version V8.0 or later.
For SCALANCE MUM856-1 (EU) versions prior to V8.0, update to version V8.0 or later.
For SCALANCE MUM856-1 (RoW) versions prior to V8.0, update to version V8.0 or later.
For SCALANCE S615 EEC LAN-Router versions prior to V8.0, update to version V8.0 or later.
For SCALANCE S615 LAN-Router versions prior to V8.0, update to version V8.0 or later.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
RUGGEDCOM RM1224
SCALANCE M804PB
SCALANCE M812-1 ADSL-Router
SCALANCE M816-1 ADSL-Router
SCALANCE M826-2 SHDSL-Router
SCALANCE M874-2
SCALANCE M874-3
SCALANCE M876-3
SCALANCE M876-4
SCALANCE MUM853-1
SCALANCE MUM856-1
SCALANCE S615 EEC LAN-Router