Security Flaw in RuggedCom Products by Siemens
CVE-2023-52237

7.5HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom I800; Ruggedcom I800nc; Ruggedcom I801; Ruggedcom I801nc
Vendor: CVE Published:; 9 July 2024

Summary

A significant vulnerability has been detected in various RuggedCom products manufactured by Siemens. The affected devices' web servers permit low privileged users to access critical data, specifically the password hashes and salts of all registered system users, including those with administrative privileges. An attacker who exploits this flaw could potentially utilize the exposed information to perform offline brute force attacks on user passwords, thereby compromising the security of the devices and the networks they operate within. It is essential for users of these devices to take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

RUGGEDCOM i800 0

RUGGEDCOM i800NC 0

RUGGEDCOM i801 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1703...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024