Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2023-44317

Published: 14/11/2023 Updated: 13/02/2024
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Siemens

Vulnerability Summary

Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

Vulnerable Product Search on Vulmon Subscribe to Product

siemens scalance_xb208_\\(e\\/ip\\)_firmware -

siemens scalance_xb208_\\(pn\\)_firmware -

siemens scalance_xb216_\\(e\\/ip\\)_firmware -

siemens scalance_xb216_\\(pn\\)_firmware -

siemens scalance_xc206-2_\\(sc\\)_firmware -

siemens scalance_xc206-2_\\(st\\/bfoc\\)_firmware -

siemens scalance_xc206-2g_poe_firmware -

siemens scalance_xc206-2g_poe_\\(54_v_dc\\)_firmware -

siemens scalance_xc206-2g_poe_eec_\\(54_v_dc\\)_firmware -

siemens scalance_xc206-2sfp_firmware -

siemens scalance_xc206-2sfp_eec_firmware -

siemens scalance_xc206-2sfp_g_firmware -

siemens scalance_xc206-2sfp_g_\\(eip_def.\\)_firmware -

siemens scalance_xc206-2sfp_g_eec_firmware -

siemens scalance_xc208_firmware -

siemens scalance_xc208eec_firmware -

siemens scalance_xc208g_firmware -

siemens scalance_xc208g_\\(eip_def.\\)_firmware -

siemens scalance_xc208g_eec_firmware -

siemens scalance_xc208g_poe_firmware -

siemens scalance_xc208g_poe_\\(54_v_dc\\)_firmware -

siemens scalance_xc216_firmware -

siemens scalance_xc216-3g_poe_firmware -

siemens scalance_xc216-3g_poe_\\(54_v_dc\\)_firmware -

siemens scalance_xc216-4c_firmware -

siemens scalance_xc216-4c_g_firmware -

siemens scalance_xc216-4c_g_\\(eip_def.\\)_firmware -

siemens scalance_xc216-4c_g_eec_firmware -

siemens scalance_xc216eec_firmware -

siemens scalance_xc224_firmware -

siemens scalance_xc224-4c_g_firmware -

siemens scalance_xc224-4c_g_\\(eip_def.\\)_firmware -

siemens scalance_xc224-4c_g_eec_firmware -

siemens scalance_xf204_firmware -

siemens scalance_xf204_dna_firmware -

siemens scalance_xf204-2ba_firmware -

siemens scalance_xf204-2ba_dna_firmware -

siemens scalance_xp208_firmware -

siemens scalance_xp208_\\(ethernet\\/ip\\)_firmware -

siemens scalance_xp208eec_firmware -

siemens scalance_xp208poe_eec_firmware -

siemens scalance_xp216_firmware -

siemens scalance_xp216_\\(ethernet\\/ip\\)_firmware -

siemens scalance_xp216eec_firmware -

siemens scalance_xp216poe_eec_firmware -

siemens scalance_xr326-2c_poe_wg_firmware -

siemens scalance_xr326-2c_poe_wg_\\(without_ul\\)_firmware -

siemens siplus_net_scalance_xc206-2_firmware -

siemens siplus_net_scalance_xc206-2sfp_firmware -

siemens siplus_net_scalance_xc208_firmware -

siemens siplus_net_scalance_xc216-4c_firmware -

siemens scalance_xb205-3_\\(sc\\,_pn\\)_firmware -

siemens scalance_xb205-3_\\(st\\,_e\\/ip\\)_firmware -

siemens scalance_xb205-3_\\(st\\,_pn\\)_firmware -

siemens scalance_xb205-3ld_\\(sc\\,_e\\/ip\\)_firmware -

siemens scalance_xb205-3ld_\\(sc\\,_pn\\)_firmware -

siemens scalance_xb213-3_\\(sc\\,_e\\/ip\\)_firmware -

siemens scalance_xb213-3_\\(sc\\,_pn\\)_firmware -

siemens scalance_xb213-3_\\(st\\,_e\\/ip\\)_firmware -

siemens scalance_xb213-3_\\(st\\,_pn\\)_firmware -

siemens scalance_xb213-3ld_\\(sc\\,_e\\/ip\\)_firmware -

siemens scalance_xb213-3ld_\\(sc\\,_pn\\)_firmware -

siemens scalance_xr324wg_\\(24_x_fe\\,_ac_230v\\)_firmware -

siemens scalance_xr324wg_\\(24_x_fe\\,_dc_24v\\)_firmware -

siemens scalance_xr328-4c_wg_\\(24xfe\\,_4xge\\,_24v\\)_firmware -

siemens scalance_xr328-4c_wg_\\(24xfe\\,_4xge\\,dc24v\\)_firmware -

siemens scalance_xr328-4c_wg_\\(24xfe\\,4xge\\,ac230v\\)_firmware -

siemens scalance_xr328-4c_wg_\\(28xge\\,_ac_230v\\)_firmware -

siemens scalance_xr328-4c_wg_\\(28xge\\,_dc_24v\\)_firmware -

ICS Advisories

https://ics-cert.us-cert.gov/advisories/50b3331b144076167625eb4ae22ea3a4
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/71cffbbb5782b9d4ff8663dd3e2f52c6
https://ics-cert.us-cert.gov/advisories/0520e0d3bcca7616a258c99b3e14685a
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-349https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdfhttps://cert-portal.siemens.com/productcert/html/ssa-699386.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-068047.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-602936.htmlhttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook