Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49691

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.

Published

2023-12-12T12:15:15.990

Last Modified

2024-11-21T08:33:42.023

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	6gk6108-4am00-2ba2_firmware	< 8.0	Yes
Hardware	siemens	6gk6108-4am00-2ba2	-	No
Operating System	siemens	6gk6108-4am00-2da2_firmware	< 8.0	Yes
Hardware	siemens	6gk6108-4am00-2da2	-	No
Operating System	siemens	6gk5804-0ap00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5804-0ap00-2aa2	-	No
Operating System	siemens	6gk5812-1aa00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5812-1aa00-2aa2	-	No
Operating System	siemens	6gk5812-1ba00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5812-1ba00-2aa2	-	No
Operating System	siemens	6gk5816-1aa00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5816-1aa00-2aa2	-	No
Operating System	siemens	6gk5816-1ba00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5816-1ba00-2aa2	-	No
Operating System	siemens	6gk5826-2ab00-2ab2_firmware	< 8.0	Yes
Hardware	siemens	6gk5826-2ab00-2ab2	-	No
Operating System	siemens	6gk5874-2aa00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5874-2aa00-2aa2	-	No
Operating System	siemens	6gk5874-3aa00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5874-3aa00-2aa2	-	No
Operating System	siemens	6gk5876-3aa02-2ba2_firmware	< 8.0	Yes
Hardware	siemens	6gk5876-3aa02-2ba2	-	No
Operating System	siemens	6gk5876-3aa02-2ea2_firmware	< 8.0	Yes
Hardware	siemens	6gk5876-3aa02-2ea2	-	No
Operating System	siemens	6gk5876-4aa10-2ba2_firmware	< 8.0	Yes
Hardware	siemens	6gk5876-4aa10-2ba2	-	No
Operating System	siemens	6gk5876-4aa00-2ba2_firmware	< 8.0	Yes
Hardware	siemens	6gk5876-4aa00-2ba2	-	No
Operating System	siemens	6gk5876-4aa00-2da2_firmware	< 8.0	Yes
Hardware	siemens	6gk5876-4aa00-2da2	-	No
Operating System	siemens	6gk5853-2ea00-2da1_firmware	< 8.0	Yes
Hardware	siemens	6gk5853-2ea00-2da1	-	No
Operating System	siemens	6gk5856-2ea00-3da1_firmware	< 8.0	Yes
Hardware	siemens	6gk5856-2ea00-3da1	-	No
Operating System	siemens	6gk5856-2ea00-3aa1_firmware	< 8.0	Yes
Hardware	siemens	6gk5856-2ea00-3aa1	-	No
Operating System	siemens	6gk5615-0aa00-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5615-0aa00-2aa2	-	No
Operating System	siemens	6gk5615-0aa01-2aa2_firmware	< 8.0	Yes
Hardware	siemens	6gk5615-0aa01-2aa2	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-180704.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-602936.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-690517.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-180704.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/html/ssa-602936.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/html/ssa-690517.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)