#VU86513 Input validation error in Siemens products - CVE-2023-45617
Published: February 14, 2024
Vulnerability identifier: #VU86513
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-45617
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SCALANCE W1750D (JP)
SCALANCE W1750D (ROW)
SCALANCE W1750D (USA)
SCALANCE W1750D (JP)
SCALANCE W1750D (ROW)
SCALANCE W1750D (USA)
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI service accessed by PAPI. A remote attacker can pass specially crafted input to the application and delete arbitrary files on the underlying operating system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.