Details of VAR-202312-0199

ID

VAR-202312-0199

CVE

CVE-2023-49691

TITLE

in multiple Siemens products OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-019858

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update. 6gk6108-4am00-2ba2 firmware, 6gk6108-4am00-2da2 firmware, 6gk5804-0ap00-2aa2 Several Siemens products, such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. Siemens SCALANCE M-800/S615 series has an operating system command injection vulnerability that allows an attacker to execute commands on the system

Trust: 2.16

sources: NVD: CVE-2023-49691 // JVNDB: JVNDB-2023-019858 // CNVD: CNVD-2023-97258

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-97258

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance m876-4	scope:	lt	version:	v8.0	Trust: 1.8
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance m876-3	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance mum856-1	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	6gk5876-3aa02-2ea2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk6108-4am00-2ba2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5856-2ea00-3da1	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5816-1ba00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5812-1ba00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5816-1aa00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5615-0aa00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5856-2ea00-3aa1	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa10-2ba2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5876-3aa02-2ba2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5615-0aa01-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5826-2ab00-2ab2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5874-3aa00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa00-2ba2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5874-2aa00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5853-2ea00-2da1	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5812-1aa00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5804-0ap00-2aa2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk5876-4aa00-2da2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	6gk6108-4am00-2da2	scope:	lt	version:	8.0	Trust: 1.0
vendor:	シーメンス	model:	6gk5853-2ea00-2da1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5812-1aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5856-2ea00-3aa1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5874-3aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5615-0aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5816-1ba00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-3aa02-2ea2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5615-0aa01-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5874-2aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa00-2da2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa10-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-3aa02-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5816-1aa00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk6108-4am00-2da2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5804-0ap00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk6108-4am00-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5812-1ba00-2aa2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5826-2ab00-2ab2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5856-2ea00-3da1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	6gk5876-4aa00-2ba2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	ruggedcom rm1224 lte eu	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	ruggedcom rm1224 lte nam	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m804pb	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m874-2	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m874-3	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance mum853-1	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance s615	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance s615 eec	scope:	lt	version:	v8.0	Trust: 0.6

sources: CNVD: CNVD-2023-97258 // JVNDB: JVNDB-2023-019858 // NVD: CVE-2023-49691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-49691
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2023-49691
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-49691
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-97258
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-97258
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-49691
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2023-49691
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-49691
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-97258 // JVNDB: JVNDB-2023-019858 // NVD: CVE-2023-49691 // NVD: CVE-2023-49691

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019858 // NVD: CVE-2023-49691

PATCH

title:

Patch for Siemens SCALANCE M-800/S615 series operating system command injection vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/500366

Trust: 0.6

sources: CNVD: CNVD-2023-97258

EXTERNAL IDS

db:	NVD	id:	CVE-2023-49691	Trust: 3.2
db:	SIEMENS	id:	SSA-180704	Trust: 2.4
db:	SIEMENS	id:	SSA-602936	Trust: 1.0
db:	SIEMENS	id:	SSA-690517	Trust: 1.0
db:	JVN	id:	JVNVU91198149	Trust: 0.8
db:	JVN	id:	JVNVU93250330	Trust: 0.8
db:	JVN	id:	JVNVU98271228	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-165-12	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-046-09	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-348-14	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-019858	Trust: 0.8
db:	CNVD	id:	CNVD-2023-97258	Trust: 0.6

sources: CNVD: CNVD-2023-97258 // JVNDB: JVNDB-2023-019858 // NVD: CVE-2023-49691

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-180704.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-602936.html	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-690517.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu98271228/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91198149/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93250330/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-49691	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-14	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-09	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-12	Trust: 0.8

sources: CNVD: CNVD-2023-97258 // JVNDB: JVNDB-2023-019858 // NVD: CVE-2023-49691

SOURCES

db:	CNVD	id:	CNVD-2023-97258
db:	JVNDB	id:	JVNDB-2023-019858
db:	NVD	id:	CVE-2023-49691

LAST UPDATE DATE

2024-08-14T12:46:32.774000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-97258	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-019858	date:	2024-06-17T05:39:00
db:	NVD	id:	CVE-2023-49691	date:	2024-08-13T08:15:09.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-97258	date:	2023-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-019858	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-49691	date:	2023-12-12T12:15:15.990