Acceptance of Extraneous Untrusted Data With Trusted Data in Hardware solutions

#VU83415 Acceptance of Extraneous Untrusted Data With Trusted Data in Hardware solutions

Published: 2023-11-22

Vulnerability identifier: #VU83415

Vulnerability risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44317

CWE-ID: CWE-349

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SCALANCE XB205-3
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB205-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB213-3
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB213-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2G PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC206-2SFP G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC208G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-3G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC224-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204 DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP208PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP216POE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR324WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR326-2C PoE WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR328-4C WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIPLUS NET SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor:

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected products do not properly validate the content of uploaded X509 certificates. A remote administrator can execute arbitrary code on the target device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://cert-portal.siemens.com/productcert/txt/ssa-699386.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family

Multiple vulnerabilities in Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family