Improper Neutralization of Special Elements in DDNS Configuration Vulnerability in Siemens Devices
CVE-2023-49691
6.7MEDIUM
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 12 December 2023
What is CVE-2023-49691?
An improper neutralization flaw in the handling of Dynamic DNS (DDNS) configuration can allow a malicious local administrator to execute arbitrary commands with root privileges following a successful IP address update. This vulnerability can potentially compromise the integrity and security of the affected Siemens devices, making it critical for users to apply available security updates and mitigate any risks associated with this vulnerability.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0