Details of VAR-202312-0198

ID

VAR-202312-0198

CVE

CVE-2023-49692

TITLE

in multiple Siemens products OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-019857

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established. 6gk6108-4am00-2ba2 firmware, 6gk6108-4am00-2da2 firmware, 6gk5804-0ap00-2aa2 Several Siemens products, such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers

Trust: 2.16

sources: NVD: CVE-2023-49692 // JVNDB: JVNDB-2023-019857 // CNVD: CNVD-2023-97257

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-97257

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance m876-4	scope:	lt	version:	v7.2.2	Trust: 1.8
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	lt	version:	v7.2.2	Trust: 1.2
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	lt	version:	v7.2.2	Trust: 1.2
vendor:	siemens	model:	scalance m876-3	scope:	lt	version:	v7.2.2	Trust: 1.2
vendor:	siemens	model:	scalance mum856-1	scope:	lt	version:	v7.2.2	Trust: 1.2
vendor:	siemens	model:	6gk5876-3aa02-2ea2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5856-2ea00-3da1	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5816-1ba00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5812-1ba00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk6108-4am00-2ba2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5816-1aa00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5856-2ea00-3aa1	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5615-0aa00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5874-3aa00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5876-3aa02-2ba2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa10-2ba2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa00-2ba2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5874-2aa00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5615-0aa01-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5826-2ab00-2ab2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5812-1aa00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5853-2ea00-2da1	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5804-0ap00-2aa2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk6108-4am00-2da2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa00-2da2	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	シーメンス	model:	6gk5856-2ea00-3aa1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5812-1aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5615-0aa01-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5615-0aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5856-2ea00-3da1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-3aa02-2ea2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa00-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5812-1ba00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5816-1ba00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk6108-4am00-2da2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5826-2ab00-2ab2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5874-2aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk6108-4am00-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa10-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-3aa02-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5816-1aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa00-2da2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5853-2ea00-2da1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5874-3aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5804-0ap00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	ruggedcom rm1224 lte eu	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	ruggedcom rm1224 lte nam	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance m804pb	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance m874-2	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance m874-3	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance mum853-1	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance s615	scope:	lt	version:	v7.2.2	Trust: 0.6
vendor:	siemens	model:	scalance s615 eec	scope:	lt	version:	v7.2.2	Trust: 0.6

sources: CNVD: CNVD-2023-97257 // JVNDB: JVNDB-2023-019857 // NVD: CVE-2023-49692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-49692
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2023-49692
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-49692
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-97257
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-97257
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-49692
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2023-49692
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-49692
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-97257 // JVNDB: JVNDB-2023-019857 // NVD: CVE-2023-49692 // NVD: CVE-2023-49692

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019857 // NVD: CVE-2023-49692

PATCH

title:

Patch for Siemens SCALANCE M-800/S615 series operating system command injection vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/500316

Trust: 0.6

sources: CNVD: CNVD-2023-97257

EXTERNAL IDS

db:	NVD	id:	CVE-2023-49692	Trust: 3.2
db:	SIEMENS	id:	SSA-068047	Trust: 1.8
db:	SIEMENS	id:	SSA-602936	Trust: 1.0
db:	JVN	id:	JVNVU98271228	Trust: 0.8
db:	JVN	id:	JVNVU91198149	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-348-13	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-046-09	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-019857	Trust: 0.8
db:	SIEMENS	id:	SSA-077170	Trust: 0.6
db:	CNVD	id:	CNVD-2023-97257	Trust: 0.6

sources: CNVD: CNVD-2023-97257 // JVNDB: JVNDB-2023-019857 // NVD: CVE-2023-49692

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-068047.html	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-602936.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu98271228/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91198149/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-49692	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-13	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-09	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-077170.html	Trust: 0.6

sources: CNVD: CNVD-2023-97257 // JVNDB: JVNDB-2023-019857 // NVD: CVE-2023-49692

SOURCES

db:	CNVD	id:	CNVD-2023-97257
db:	JVNDB	id:	JVNDB-2023-019857
db:	NVD	id:	CVE-2023-49692

LAST UPDATE DATE

2024-08-14T12:16:28.465000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-97257	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-019857	date:	2024-02-19T07:00:00
db:	NVD	id:	CVE-2023-49692	date:	2024-08-13T08:15:09.553

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-97257	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-019857	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-49692	date:	2023-12-12T12:15:16.203