Improper Neutralization of Special Elements in DDNS Configuration Vulnerability in Siemens Devices
CVE-2023-49691

6.7 MEDIUM

Summary

Improper neutralization of special elements in the handling of the Dynamic DNS (DDNS) configuration can allow a malicious local administrator to execute arbitrary commands with root privileges after a successful IP address update. This can compromise the integrity and security of the affected Siemens devices, so users should apply the available security updates and mitigate the associated risks.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
