
{
"id": "CVE-2023-44320",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.757",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados no validan adecuadamente la autenticaci\u00f3n al realizar ciertas modificaciones en la interfaz web, lo que permite que un atacante autenticado influya en la interfaz de usuario configurada por un administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"source": "productcert@siemens.com"
}
]
}