Improper Neutralization Vulnerability in Siemens RUGGEDCOM and SCALANCE Products
CVE-2023-49692

6.7MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-49692?

A notable vulnerability has been discovered in Siemens' RUGGEDCOM and SCALANCE product lines, specifically impacting versions below V7.2.2. This security flaw is related to the improper handling of special elements during the parsing of IPSEC configurations. As a result, malicious local administrators may exploit this vulnerability to execute arbitrary commands at the system level following the establishment of a new connection. This could lead to significant breaches of security and unauthorized access to sensitive system functions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-06804...

https://cert-portal.siemens.com/productcert/html/ssa-0680...

https://cert-portal.siemens.com/productcert/html/ssa-6029...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 29, 2023

JSON

Siemens

What is CVE-2023-49692?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.