Authentication Bypass in Siemens RUGGEDCOM and SCALANCE Products
CVE-2023-44320

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-44320?

A vulnerability exists in multiple Siemens RUGGEDCOM and SCALANCE products that allows an authenticated attacker to manipulate the web interface. Improper validation of the authentication process during specific administrative modifications enables unauthorized influence over the user configuration interface. This could allow attackers to modify settings or display false information, potentially leading to further exploitations within the network.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-69938...

https://cert-portal.siemens.com/productcert/pdf/ssa-18070...

https://cert-portal.siemens.com/productcert/html/ssa-6993...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Sep 28, 2023