Denial of Service Risk in Siemens Configuration Interfaces
CVE-2023-44321
5.1 MEDIUM
Key Information:
- Vendor: Siemens
- Status
- Vendor
- CVE Published: 14 November 2023
What is CVE-2023-44321?
Certain Siemens devices improperly validate input during configuration changes in their web interface. Authenticated attackers can exploit the insufficient input length checks, potentially causing a denial of service condition. When this happens, the web interface may become unavailable, and the device must be restarted to regain access. Organizations using affected Siemens devices should take immediate action to apply mitigations and ensure network security.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0
CVSS V4
Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved