Siemens SCALANCE W700

🗓️ 11 Jun 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics

ics🔗 www.cisa.gov👁 44 Views

Siemens SCALANCE W700 devices, multiple vulnerabilities, remote exploitation risk

Reporter	Title	Published	Views	Family All 101
ATTACKERKB	CVE-2023-44374	14 Nov 202311:15	–	attackerkb
ATTACKERKB	CVE-2023-44318	14 Nov 202311:15	–	attackerkb
ATTACKERKB	CVE-2023-44373	14 Nov 202311:15	–	attackerkb
BDU FSTEC	The vulnerability of the SSH network protocol implementation in microprogrammable industrial network interfaces SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C arises from insufficient data authentication checks. This allows attackers to trigger service failures.	4 Jan 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software lies in the possibility of loading unreliable external data alongside reliable data, allowing a perpetrator to execute arbitrary code.	22 Nov 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to the use of a rigidly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.	22 Nov 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to the use of a weak password hash function, allows attackers to modify the device’s configuration.	22 Nov 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software arises from the lack of measures to neutralize special elements, allowing a perpetrator to execute arbitrary codes.	22 Nov 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software relates to unauthorized access to shared data in a multi-threaded context, allowing attackers to gain increased privileges.	22 Nov 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.	19 Dec 202300:00	–	bdu_fstec

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-690517.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-690517.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-165-12.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-165-12
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

11 Jun 2024 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 3.18.8 - 9.1

CVSS 49.4

EPSS0.00822

SSVC

siemens scalance w700 vulnerabilities remote exploitation