SB2024031320 - Multiple vulnerabilities in Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024031320

SB2024031320 - Multiple vulnerabilities in Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family

Published: March 13, 2024

Security Bulletin ID SB2024031320
Severity
Low
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2023-44318)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the usage a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. A remote administrator can obtain a configuration backup to extract configuration information from the exported file.


2) Resource exhaustion (CVE-ID: CVE-2023-44321)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote administrator can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References