{
"id": "CVE-2023-44317",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.067",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos productos afectados no validan adecuadamente el contenido de los certificados X509 cargados, lo que podr\u00eda permitir a un atacante con privilegios administrativos ejecutar c\u00f3digo arbitrario en el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"source": "productcert@siemens.com"
}
]
} |