SB2023121423 - Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023121423

SB2023121423 - Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family

Published: December 14, 2023

Security Bulletin ID SB2023121423
Severity
Low
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2023-44318)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the usage a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. A remote administrator can obtain a configuration backup to extract configuration information from the exported file.


2) Direct Request ('Forced Browsing') (CVE-ID: CVE-2023-44320)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper authentication when performing certain modifications in the web interface. A remote user can influence the user interface configured by an administrator.


3) Resource exhaustion (CVE-ID: CVE-2023-44321)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote administrator can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References