PT-2023-7782 · Siemens · SCALANCE S615 EEC LAN-Router +12

Published: 2023-12-12 · Updated: 2024-08-13 · CVE-2023-49692

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM RM1224 LTE(4G) EU versions prior to V7.2.2
RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V7.2.2
SCALANCE M804PB versions prior to V7.2.2
SCALANCE M812-1 ADSL-Router versions prior to V7.2.2
SCALANCE M816-1 ADSL-Router versions prior to V7.2.2
SCALANCE M826-2 SHDSL-Router versions prior to V7.2.2
SCALANCE M874-2 versions prior to V7.2.2
SCALANCE M874-3 versions prior to V7.2.2
SCALANCE M876-3 versions prior to V7.2.2
SCALANCE M876-4 versions prior to V7.2.2
SCALANCE MUM853-1 (EU) versions prior to V7.2.2
SCALANCE MUM856-1 (EU) versions prior to V7.2.2
SCALANCE MUM856-1 (RoW) versions prior to V7.2.2
SCALANCE S615 EEC LAN-Router versions prior to V7.2.2
SCALANCE S615 LAN-Router versions prior to V7.2.2

Description

The issue is related to insufficient checking of arguments passed to a command, allowing a remote attacker to execute arbitrary commands. An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration, which could allow malicious local administrators to issue commands on the system level after a new connection is established.

Recommendations

For RUGGEDCOM RM1224 LTE(4G) EU versions prior to V7.2.2, update to version V7.2.2 or later.
For RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M804PB versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M812-1 ADSL-Router versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M816-1 ADSL-Router versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M826-2 SHDSL-Router versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M874-2 versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M874-3 versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M876-3 versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE M876-4 versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE MUM853-1 (EU) versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE MUM856-1 (EU) versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE MUM856-1 (RoW) versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE S615 EEC LAN-Router versions prior to V7.2.2, update to version V7.2.2 or later.
For SCALANCE S615 LAN-Router versions prior to V7.2.2, update to version V7.2.2 or later.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08849
CVE-2023-49692

Affected Products

RUGGEDCOM RM1224 LTE(4G) EU
RUGGEDCOM RM1224 LTE(4G) NAM
SCALANCE M804PB
SCALANCE M812-1 ADSL-Router
SCALANCE M816-1 ADSL-Router
SCALANCE M826-2 SHDSL-Router
SCALANCE M874-2
SCALANCE M874-3
SCALANCE M876-3
SCALANCE M876-4
SCALANCE MUM853-1
SCALANCE MUM856-1
SCALANCE S615 EEC LAN-Router