ID

VAR-202311-0437


CVE

CVE-2023-44374


TITLE

Asynchronous access vulnerability to shared data in multiple Siemens products in a multi-threaded context

Trust: 0.6

sources: CNVD: CNVD-2023-86590

DESCRIPTION

Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. SCALANCE W products are wireless communication devices for connecting industrial components, such as programmable logic controllers (PLCs) or human machine interfaces (HMIs), in compliance with the IEEE 802.11 standards (802.11ac, 802.11a/b/g/h and/or 802.11n). The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), focusing on industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs), etc. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple Siemens products have an asynchronous access vulnerability to shared data in a multi-threaded context. A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5)

Trust: 1.53

sources: NVD: CVE-2023-44374 // CNVD: CNVD-2023-86590 // VULMON: CVE-2023-44374

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-86590

AFFECTED PRODUCTS

vendor:siemensmodel:6gk5328-4ss00-2ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ha00-2as6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bb00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ra00-5ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ga00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5224-4gs00-2tc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-3rs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ba00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bb00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2gs00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5328-4fs00-3rr3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ba00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2rs00-5ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5328-4ss00-3ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6ag1208-0ba00-7ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ua00-5es6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-4bs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bd00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ga00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-4gs00-2tc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6ag1206-2bb00-7ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ba00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bd00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ba00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ga00-2tc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5224-4gs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bf00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ua00-5es6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ha00-2as6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ha00-2ts6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5324-0ba00-2ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5328-4fs00-2rr3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5204-2aa00-2yf2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2rs00-5fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bf00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bd00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bb00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5326-2qs00-3ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5326-2qs00-3rr3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5328-4fs00-3ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ha00-2ts6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ba00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5224-4gs00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-3rs00-5ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5328-4fs00-2ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ha00-2es6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bf00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2bb00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-4gs00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5324-0ba00-3ar3scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bd00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2bd00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5205-3bf00-2tb2scope:lteversion:4.5

Trust: 1.0

vendor:siemensmodel:6ag1206-2bs00-7ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5204-2aa00-2gf2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2rs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ba00-2ab2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2gs00-2tc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ba00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5204-0ba00-2yf2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6ag1216-4bs00-7ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5224-0ba00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5208-0ra00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ha00-2es6scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5213-3bb00-2tb2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2bs00-2fc2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-0ba00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5216-4gs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2gs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5204-0ba00-2gf2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:6gk5206-2bs00-2ac2scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:scalance xc216eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224-4c gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224-4c g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204 dnascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204-2bascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204-2ba dnascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr324wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr326-2c poe wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr328-4c wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc206-2scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc206-2sfpscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc216-4cscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2g poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfpscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfp eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfp gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-3g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4cscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4c gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4c g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb205-3scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb205-3ldscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb213-3scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb213-3ldscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2scope:ltversion:4.5

Trust: 0.6

sources: CNVD: CNVD-2023-86590 // NVD: CVE-2023-44374

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-44374
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-44374
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2023-86590
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-86590
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-86590 // NVD: CVE-2023-44374 // NVD: CVE-2023-44374

PROBLEMTYPE DATA

problemtype:CWE-567

Trust: 1.0

sources: NVD: CVE-2023-44374

CONFIGURATIONS

sources: NVD: CVE-2023-44374

PATCH

title:Patch for Asynchronous access vulnerability to shared data in multiple Siemens products in a multi-threaded contexturl:https://www.cnvd.org.cn/patchinfo/show/482376

Trust: 0.6

sources: CNVD: CNVD-2023-86590

EXTERNAL IDS

db:SIEMENSid:SSA-699386

Trust: 1.7

db:NVDid:CVE-2023-44374

Trust: 1.7

db:SIEMENSid:SSA-690517

Trust: 1.0

db:SIEMENSid:SSA-180704

Trust: 1.0

db:CNVDid:CNVD-2023-86590

Trust: 0.6

db:ICS CERTid:ICSA-23-320-08

Trust: 0.1

db:VULMONid:CVE-2023-44374

Trust: 0.1

sources: CNVD: CNVD-2023-86590 // VULMON: CVE-2023-44374 // NVD: CVE-2023-44374

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-699386.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/html/ssa-180704.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-690517.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf

Trust: 1.0

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08

Trust: 0.1

sources: CNVD: CNVD-2023-86590 // VULMON: CVE-2023-44374 // NVD: CVE-2023-44374

SOURCES

db:CNVDid:CNVD-2023-86590
db:VULMONid:CVE-2023-44374
db:NVDid:CVE-2023-44374

LAST UPDATE DATE

2024-06-12T21:29:04.831000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-86590date:2023-11-15T00:00:00
db:VULMONid:CVE-2023-44374date:2023-11-14T00:00:00
db:NVDid:CVE-2023-44374date:2024-06-11T09:15:15.990

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-86590date:2023-11-15T00:00:00
db:VULMONid:CVE-2023-44374date:2023-11-14T00:00:00
db:NVDid:CVE-2023-44374date:2023-11-14T11:15:13.753