Denial of Service Risk in Siemens Configuration Interfaces
CVE-2023-44321
6.5 MEDIUM
Key Information:
- Vendor: Siemens
- Status: Vendor
- CVE Published: 14 November 2023
Summary
Certain Siemens devices do not properly validate input length when configuration changes are made through their web interface. An authenticated attacker can exploit the improper length checks to cause a denial of service condition. As a result, the web interface may become unavailable, and the device must be restarted to regain access. Organizations using affected Siemens devices should take immediate action to apply mitigations and ensure network security.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved