Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

🗓️ 12 Dec 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 55 Views

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family ICS vulnerability no longer updated by CISA after Jan 2023. CVSS v3 9.1, remote exploit, improper validation, hardcoded key, weak hash, forced browsing, OS command injection

Reporter	Title	Published	Views	Family All 35
ATTACKERKB	CVE-2022-46143	13 Dec 202216:15	–	attackerkb
ATTACKERKB	CVE-2023-44318	14 Nov 202311:15	–	attackerkb
Circl	CVE-2022-46143	13 Dec 202218:21	–	circl
CNNVD	Siemens部分产品安全漏洞	13 Dec 202200:00	–	cnnvd
CNNVD	Siemens SCALANCE 安全漏洞	14 Nov 202300:00	–	cnnvd
CNVD	Multiple Siemens products use hard-coded encryption key vulnerability	15 Nov 202300:00	–	cnvd
CNVD	Siemens SCALANCE M-800/S615 Series Information Disclosure Vulnerability	14 Dec 202200:00	–	cnvd
CVE	CVE-2022-46143	13 Dec 202200:00	–	cve
CVE	CVE-2023-44318	14 Nov 202311:03	–	cve
Cvelist	CVE-2022-46143	13 Dec 202200:00	–	cvelist

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-180704.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-180704.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-348-14.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-348-14
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

12 Dec 2023 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.14.9

CVSS 46.9

EPSS0.00481

SSVC