Denial of Service Risk in Siemens Configuration Interfaces
CVE-2023-44321
6.5MEDIUM
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 14 November 2023
What is CVE-2023-44321?
Certain Siemens devices exhibit improper input validation during configuration changes in their web interface. This vulnerability allows authenticated attackers to exploit the input length checks, potentially leading to a denial of service condition. As a result of this vulnerability, access to the web interface may become unavailable, requiring the device to be restarted to regain access. Organizations using affected Siemens devices should take immediate action to apply mitigations and ensure network security.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0