Lucene search

SiemensCVE-2023-49692

HistoryDec 12, 2023 - 12:15 p.m.

CVE-2023-49692

2023-12-1212:15:16

CWE-78

siemens

web.nvd.nist.gov

cve-2023-49692

ruggedcom

scalance

os command

ipsec

security vulnerability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.

Affected configurations

Nvd

Node

siemens6gk6108-4am00-2ba2_firmwareRange<7.2.2

AND

siemens6gk6108-4am00-2ba2Match-

Node

siemens6gk6108-4am00-2da2_firmwareRange<7.2.2

AND

siemens6gk6108-4am00-2da2Match-

Node

siemens6gk5804-0ap00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5804-0ap00-2aa2Match-

Node

siemens6gk5812-1aa00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5812-1aa00-2aa2Match-

Node

siemens6gk5812-1ba00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5812-1ba00-2aa2Match-

Node

siemens6gk5816-1aa00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5816-1aa00-2aa2Match-

Node

siemens6gk5816-1ba00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5816-1ba00-2aa2Match-

Node

siemens6gk5826-2ab00-2ab2_firmwareRange<7.2.2

AND

siemens6gk5826-2ab00-2ab2Match-

Node

siemens6gk5874-2aa00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5874-2aa00-2aa2Match-

Node

siemens6gk5874-3aa00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5874-3aa00-2aa2Match-

Node

siemens6gk5876-3aa02-2ba2_firmwareRange<7.2.2

AND

siemens6gk5876-3aa02-2ba2Match-

Node

siemens6gk5876-3aa02-2ea2_firmwareRange<7.2.2

AND

siemens6gk5876-3aa02-2ea2Match-

Node

siemens6gk5876-4aa10-2ba2_firmwareRange<7.2.2

AND

siemens6gk5876-4aa10-2ba2Match-

Node

siemens6gk5876-4aa00-2ba2_firmwareRange<7.2.2

AND

siemens6gk5876-4aa00-2ba2Match-

Node

siemens6gk5876-4aa00-2da2_firmwareRange<7.2.2

AND

siemens6gk5876-4aa00-2da2Match-

Node

siemens6gk5853-2ea00-2da1_firmwareRange<7.2.2

AND

siemens6gk5853-2ea00-2da1Match-

Node

siemens6gk5856-2ea00-3da1_firmwareRange<7.2.2

AND

siemens6gk5856-2ea00-3da1Match-

Node

siemens6gk5856-2ea00-3aa1_firmwareRange<7.2.2

AND

siemens6gk5856-2ea00-3aa1Match-

Node

siemens6gk5615-0aa00-2aa2_firmwareRange<7.2.2

AND

siemens6gk5615-0aa00-2aa2Match-

Node

siemens6gk5615-0aa01-2aa2_firmwareRange<7.2.2

AND

siemens6gk5615-0aa01-2aa2Match-

VendorProductVersionCPE
siemens6gk6108-4am00-2ba2_firmware*cpe:2.3:o:siemens:6gk6108-4am00-2ba2_firmware:*:*:*:*:*:*:*:*
siemens6gk6108-4am00-2ba2-cpe:2.3:h:siemens:6gk6108-4am00-2ba2:-:*:*:*:*:*:*:*
siemens6gk6108-4am00-2da2_firmware*cpe:2.3:o:siemens:6gk6108-4am00-2da2_firmware:*:*:*:*:*:*:*:*
siemens6gk6108-4am00-2da2-cpe:2.3:h:siemens:6gk6108-4am00-2da2:-:*:*:*:*:*:*:*
siemens6gk5804-0ap00-2aa2_firmware*cpe:2.3:o:siemens:6gk5804-0ap00-2aa2_firmware:*:*:*:*:*:*:*:*
siemens6gk5804-0ap00-2aa2-cpe:2.3:h:siemens:6gk5804-0ap00-2aa2:-:*:*:*:*:*:*:*
siemens6gk5812-1aa00-2aa2_firmware*cpe:2.3:o:siemens:6gk5812-1aa00-2aa2_firmware:*:*:*:*:*:*:*:*
siemens6gk5812-1aa00-2aa2-cpe:2.3:h:siemens:6gk5812-1aa00-2aa2:-:*:*:*:*:*:*:*
siemens6gk5812-1ba00-2aa2_firmware*cpe:2.3:o:siemens:6gk5812-1ba00-2aa2_firmware:*:*:*:*:*:*:*:*
siemens6gk5812-1ba00-2aa2-cpe:2.3:h:siemens:6gk5812-1ba00-2aa2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	6gk6108-4am00-2ba2_firmware	*	cpe:2.3:o:siemens:6gk6108-4am00-2ba2_firmware::::::::
siemens	6gk6108-4am00-2ba2	-	cpe:2.3:h:siemens:6gk6108-4am00-2ba2:-:::::::*
siemens	6gk6108-4am00-2da2_firmware	*	cpe:2.3:o:siemens:6gk6108-4am00-2da2_firmware::::::::
siemens	6gk6108-4am00-2da2	-	cpe:2.3:h:siemens:6gk6108-4am00-2da2:-:::::::*
siemens	6gk5804-0ap00-2aa2_firmware	*	cpe:2.3:o:siemens:6gk5804-0ap00-2aa2_firmware::::::::
siemens	6gk5804-0ap00-2aa2	-	cpe:2.3:h:siemens:6gk5804-0ap00-2aa2:-:::::::*
siemens	6gk5812-1aa00-2aa2_firmware	*	cpe:2.3:o:siemens:6gk5812-1aa00-2aa2_firmware::::::::
siemens	6gk5812-1aa00-2aa2	-	cpe:2.3:h:siemens:6gk5812-1aa00-2aa2:-:::::::*
siemens	6gk5812-1ba00-2aa2_firmware	*	cpe:2.3:o:siemens:6gk5812-1ba00-2aa2_firmware::::::::
siemens	6gk5812-1ba00-2aa2	-	cpe:2.3:h:siemens:6gk5812-1ba00-2aa2:-:::::::*

Rows per page:

1-10 of 401

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) EU",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M804PB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M812-1 ADSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M812-1 ADSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M816-1 ADSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M816-1 ADSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M826-2 SHDSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3 (ROK)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (NAM)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (RoW)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 EEC LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-068047.html

cert-portal.siemens.com/productcert/html/ssa-602936.html

cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-49692