As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Incorrect Privilege Assignment, Exposure of Sensitive System Information to an Unauthorized Control Sphere
2. RISK EVALUATION
Successful exploitation could allow an attacker to obtain user credentials, the MACSEC key, or create a remote shell to the affected system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
- RUGGEDCOM i800: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i800NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i801: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i801NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i802: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i802NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i803: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM i803NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M969: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M969NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M2100: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M2100NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M2200: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGGEDCOM M2200NC: Versions prior to V4.3.10 (CVE-2023-52237)
- RUGG
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.