Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family

Published: 2023-12-13

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2023-44317 CVE-2023-49692
CWE-ID	CWE-349 CWE-78
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SCALANCE S615 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE MUM856-1 (RoW) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE MUM856-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE MUM853-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M876-4 (NAM) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M876-4 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M876-4 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M876-3 (ROK) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M876-3 (EVDO) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M874-3 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M874-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M826-2 SHDSL-Router Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M816-1 ADSL-Router (Annex B) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M816-1 ADSL-Router (Annex A) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M812-1 ADSL-Router (Annex B) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M812-1 ADSL-Router (Annex A) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE M804PB Hardware solutions / Routers & switches, VoIP, GSM, etc RUGGEDCOM RM1224 LTE(4G) NAM Hardware solutions / Routers & switches, VoIP, GSM, etc RUGGEDCOM RM1224 LTE(4G) EU Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE S615 Hardware solutions / Firmware
Vendor	Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Acceptance of Extraneous Untrusted Data With Trusted Data

EUVDB-ID: #VU83415

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-44317

CWE-ID: CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected products do not properly validate the content of uploaded X509 certificates. A remote administrator can execute arbitrary code on the target device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2.2

SCALANCE S615: before 7.2.2

SCALANCE MUM856-1 (RoW): before 7.2.2

SCALANCE MUM856-1 (EU): before 7.2.2

SCALANCE MUM853-1 (EU): before 7.2.2

SCALANCE M876-4 (NAM): before 7.2.2

SCALANCE M876-4 (EU): before 7.2.2

SCALANCE M876-4: before 7.2.2

SCALANCE M876-3 (ROK): before 7.2.2

SCALANCE M876-3 (EVDO): before 7.2.2

SCALANCE M874-3: before 7.2.2

SCALANCE M874-2: before 7.2.2

SCALANCE M826-2 SHDSL-Router: before 7.2.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2.2

SCALANCE M804PB: before 7.2.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2.2

CPE2.3

External links

https://cert-portal.siemens.com/productcert/txt/ssa-068047.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

EUVDB-ID: #VU84397