ID

VAR-202311-0440


CVE

CVE-2023-44317


TITLE

Untrusted irrelevant data acceptance vulnerability when accepting trusted data in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-017563

DESCRIPTION

Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device. scalance xb208 (e/ip) firmware, scalance xb208 (pn) firmware, scalance xb216 (e/ip) Multiple Siemens products, including firmware, contain vulnerabilities that allow untrusted, unrelated data to be accepted when trusted data is accepted.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. SCALANCE W products are wireless communication devices for connecting industrial components, such as programmable logic controllers (PLCs) or human machine interfaces (HMIs), in compliance with the IEEE 802.11 standards (802.11ac, 802.11a/b/g/h and/or 802.11n). The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), focusing on industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI), etc. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5)

Trust: 2.25

sources: NVD: CVE-2023-44317 // JVNDB: JVNDB-2023-017563 // CNVD: CNVD-2023-86597 // VULMON: CVE-2023-44317

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-86597

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr328-4c wg \scope:eqversion: -

Trust: 5.0

vendor:siemensmodel:scalance xb213-3 \scope:eqversion: -

Trust: 4.0

vendor:siemensmodel:scalance xb205-3 \scope:eqversion: -

Trust: 3.0

vendor:siemensmodel:scalance xb205-3ld \scope:eqversion: -

Trust: 2.0

vendor:siemensmodel:scalance xc206-2 \scope:eqversion: -

Trust: 2.0

vendor:siemensmodel:scalance xr324wg \scope:eqversion: -

Trust: 2.0

vendor:siemensmodel:scalance xb216 \scope:eqversion: -

Trust: 2.0

vendor:siemensmodel:scalance xb208 \scope:eqversion: -

Trust: 2.0

vendor:siemensmodel:scalance xb213-3ld \scope:eqversion: -

Trust: 2.0

vendor:シーメンスmodel:scalance xb208scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance xc206-2sfp gscope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance xc206-2scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance xc206-2g poescope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance xc208gscope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance xb216scope: - version: -

Trust: 1.6

vendor:siemensmodel:scalance xc224-4c gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c g \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204 dnascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208poe eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr326-2c poe wgscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204-2ba dnascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc224scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c g \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poe eec \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc206-2sfpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208g \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr326-2c poe wg \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216poe eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp g \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204-2bascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208g poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc206-2scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216 \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-3g poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208g poe \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208 \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-3g poe \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc216-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poe \scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c g eecscope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:scalance xc208scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc206-2sfp eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc206-2sfp g eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc208eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc208g poescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc208g eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc206-2g poe eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc206-2sfpscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xc216eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224-4c gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc224-4c g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204 dnascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204-2bascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xf204-2ba dnascope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp208poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xp216poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr324wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr326-2c poe wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xr328-4c wgscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc206-2scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc206-2sfpscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:siplus net scalance xc216-4cscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2g poe eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfpscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfp eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2sfp gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc208g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-3g poescope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4cscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4c gscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc216-4c g eecscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb205-3scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb205-3ldscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb208scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb213-3scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb213-3ldscope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xb216scope:ltversion:4.5

Trust: 0.6

vendor:siemensmodel:scalance xc206-2scope:ltversion:4.5

Trust: 0.6

sources: CNVD: CNVD-2023-86597 // JVNDB: JVNDB-2023-017563 // NVD: CVE-2023-44317

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-44317
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-017563
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-86597
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-86597
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com:
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-017563
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-86597 // JVNDB: JVNDB-2023-017563 // NVD: CVE-2023-44317

PROBLEMTYPE DATA

problemtype:CWE-349

Trust: 1.0

problemtype:Accepting untrusted irrelevant data when accepting trusted data (CWE-349) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-017563 // NVD: CVE-2023-44317

CONFIGURATIONS

sources: NVD: CVE-2023-44317

PATCH

title:Patch for Multiple Siemens products use trusted data to accept unrelated untrusted data vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/482166

Trust: 0.6

sources: CNVD: CNVD-2023-86597

EXTERNAL IDS

db:NVDid:CVE-2023-44317

Trust: 3.3

db:SIEMENSid:SSA-699386

Trust: 2.5

db:SIEMENSid:SSA-068047

Trust: 1.8

db:SIEMENSid:SSA-690517

Trust: 1.0

db:SIEMENSid:SSA-602936

Trust: 1.0

db:ICS CERTid:ICSA-23-320-08

Trust: 0.9

db:ICS CERTid:ICSA-24-046-09

Trust: 0.8

db:ICS CERTid:ICSA-23-348-13

Trust: 0.8

db:JVNid:JVNVU98271228

Trust: 0.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:JVNid:JVNVU92598492

Trust: 0.8

db:JVNDBid:JVNDB-2023-017563

Trust: 0.8

db:CNVDid:CNVD-2023-86597

Trust: 0.6

db:VULMONid:CVE-2023-44317

Trust: 0.1

sources: CNVD: CNVD-2023-86597 // VULMON: CVE-2023-44317 // JVNDB: JVNDB-2023-017563 // NVD: CVE-2023-44317

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-699386.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-068047.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-602936.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-690517.html

Trust: 1.0

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08

Trust: 0.9

url:https://jvn.jp/vu/jvnvu92598492/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-44317

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-13

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-09

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-86597 // VULMON: CVE-2023-44317 // JVNDB: JVNDB-2023-017563 // NVD: CVE-2023-44317

SOURCES

db:CNVDid:CNVD-2023-86597
db:VULMONid:CVE-2023-44317
db:JVNDBid:JVNDB-2023-017563
db:NVDid:CVE-2023-44317

LAST UPDATE DATE

2024-06-12T19:45:57.201000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-86597date:2023-11-15T00:00:00
db:VULMONid:CVE-2023-44317date:2023-11-21T00:00:00
db:JVNDBid:JVNDB-2023-017563date:2024-02-19T06:50:00
db:NVDid:CVE-2023-44317date:2024-06-11T09:15:13.730

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-86597date:2023-11-15T00:00:00
db:VULMONid:CVE-2023-44317date:2023-11-14T00:00:00
db:JVNDBid:JVNDB-2023-017563date:2024-01-09T00:00:00
db:NVDid:CVE-2023-44317date:2023-11-14T11:15:12.067