#VU83425 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Siemens products - CVE-2023-44373

Vulnerability identifier: #VU83425

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-44373

CWE-ID: CWE-74

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SCALANCE XB205-3
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB205-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB213-3
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB213-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2G PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-3G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204 DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216POE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR324WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR326-2C PoE WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR328-4C WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Siemens

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SCALANCE XB205-3: before 4.5

SCALANCE XB205-3LD: before 4.5

SCALANCE XB208: before 4.5

SCALANCE XB213-3: before 4.5

SCALANCE XB213-3LD: before 4.5

SCALANCE XB216: before 4.5

SCALANCE XC206-2: before 4.5

SCALANCE XC206-2G PoE: before 4.5

SCALANCE XC206-2G PoE EEC: before 4.5

SCALANCE XC206-2SFP: before 4.5

SCALANCE XC206-2SFP EEC: before 4.5

SCALANCE XC206-2SFP G: before 4.5

SCALANCE XC206-2SFP G EEC: before 4.5

SCALANCE XC208: before 4.5

SCALANCE XC208EEC: before 4.5

SCALANCE XC208G: before 4.5

SCALANCE XC208G EEC: before 4.5

SCALANCE XC208G PoE: before 4.5

SCALANCE XC216: before 4.5

SCALANCE XC216-3G PoE: before 4.5

SCALANCE XC216-4C: before 4.5

SCALANCE XC216-4C G: before 4.5

SCALANCE XC216-4C G EEC: before 4.5

SCALANCE XC216EEC: before 4.5

SCALANCE XC224: before 4.5

SCALANCE XC224-4C G: before 4.5

SCALANCE XC224-4C G EEC: before 4.5

SCALANCE XF204: before 4.5

SCALANCE XF204 DNA: before 4.5

SCALANCE XF204-2BA: before 4.5

SCALANCE XF204-2BA DNA: before 4.5

SCALANCE XP208: before 4.5

SCALANCE XP208EEC: before 4.5

SCALANCE XP208PoE EEC: before 4.5

SCALANCE XP216: before 4.5

SCALANCE XP216EEC: before 4.5

SCALANCE XP216POE EEC: before 4.5

SCALANCE XR324WG: before 4.5

SCALANCE XR326-2C PoE WG: before 4.5

SCALANCE XR328-4C WG: before 4.5

SIPLUS NET SCALANCE XC206-2: before 4.5

SIPLUS NET SCALANCE XC206-2SFP: before 4.5

SIPLUS NET SCALANCE XC208: before 4.5

SIPLUS NET SCALANCE XC216-4C: before 4.5

---

External links
https://cert-portal.siemens.com/productcert/txt/ssa-699386.txt

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.