Lucene search

[email protected]NVD:CVE-2023-44374

HistoryNov 14, 2023 - 11:15 a.m.

CVE-2023-44374

2023-11-1411:15:13

CWE-567

[email protected]

web.nvd.nist.gov

cve-2023-44374

affected devices

password change

insufficient check

authenticated attacker

privilege escalation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.7%

JSON

Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges.

Affected configurations

NVD

Node

siemens6gk5205-3bb00-2ab2_firmwareRange<4.5

AND

siemens6gk5205-3bb00-2ab2Match-

Node

siemens6gk5205-3bb00-2tb2_firmwareRange<4.5

AND

siemens6gk5205-3bb00-2tb2Match-

Node

siemens6gk5205-3bd00-2tb2_firmwareRange<4.5

AND

siemens6gk5205-3bd00-2tb2Match-

Node

siemens6gk5205-3bd00-2ab2_firmwareRange<4.5

AND

siemens6gk5205-3bd00-2ab2Match-

Node

siemens6gk5205-3bf00-2tb2_firmwareRange≤4.5

AND

siemens6gk5205-3bf00-2tb2Match-

Node

siemens6gk5205-3bf00-2ab2_firmwareRange<4.5

AND

siemens6gk5205-3bf00-2ab2Match-

Node

siemens6gk5208-0ba00-2tb2_firmwareRange<4.5

AND

siemens6gk5208-0ba00-2tb2Match-

Node

siemens6gk5208-0ba00-2ab2_firmwareRange<4.5

AND

siemens6gk5208-0ba00-2ab2Match-

Node

siemens6gk5213-3bd00-2tb2_firmwareRange<4.5

AND

siemens6gk5213-3bd00-2tb2Match-

Node

siemens6gk5213-3bd00-2ab2_firmwareRange<4.5

AND

siemens6gk5213-3bd00-2ab2Match-

Node

siemens6gk5213-3bb00-2tb2_firmwareRange<4.5

AND

siemens6gk5213-3bb00-2tb2Match-

Node

siemens6gk5213-3bb00-2ab2_firmwareRange<4.5

AND

siemens6gk5213-3bb00-2ab2Match-

Node

siemens6gk5213-3bf00-2tb2_firmwareRange<4.5

AND

siemens6gk5213-3bf00-2tb2Match-

Node

siemens6gk5213-3bf00-2ab2_firmwareRange<4.5

AND

siemens6gk5213-3bf00-2ab2Match-

Node

siemens6gk5216-0ba00-2tb2_firmwareRange<4.5

AND

siemens6gk5216-0ba00-2tb2Match-

Node

siemens6gk5216-0ba00-2ab2_firmwareRange<4.5

AND

siemens6gk5216-0ba00-2ab2Match-

Node

siemens6gk5206-2bd00-2ac2_firmwareRange<4.5

AND

siemens6gk5206-2bd00-2ac2Match-

Node

siemens6gk5206-2bb00-2ac2_firmwareRange<4.5

AND

siemens6gk5206-2bb00-2ac2Match-

Node

siemens6gk5206-2rs00-2ac2_firmwareRange<4.5

AND

siemens6gk5206-2rs00-2ac2Match-

Node

siemens6gk5206-2rs00-5ac2_firmwareRange<4.5

AND

siemens6gk5206-2rs00-5ac2Match-

Node

siemens6gk5206-2rs00-5fc2_firmwareRange<4.5

AND

siemens6gk5206-2rs00-5fc2Match-

Node

siemens6gk5206-2bs00-2ac2_firmwareRange<4.5

AND

siemens6gk5206-2bs00-2ac2Match-

Node

siemens6gk5206-2bs00-2fc2_firmwareRange<4.5

AND

siemens6gk5206-2bs00-2fc2Match-

Node

siemens6gk5206-2gs00-2ac2_firmwareRange<4.5

AND

siemens6gk5206-2gs00-2ac2Match-

Node

siemens6gk5206-2gs00-2tc2_firmwareRange<4.5

AND

siemens6gk5206-2gs00-2tc2Match-

Node

siemens6gk5206-2gs00-2fc2_firmwareRange<4.5

AND

siemens6gk5206-2gs00-2fc2Match-

Node

siemens6gk5208-0ba00-2ac2_firmwareRange<4.5

AND

siemens6gk5208-0ba00-2ac2Match-

Node

siemens6gk5208-0ba00-2fc2_firmwareRange<4.5

AND

siemens6gk5208-0ba00-2fc2Match-

Node

siemens6gk5208-0ga00-2ac2_firmwareRange<4.5

AND

siemens6gk5208-0ga00-2ac2Match-

Node

siemens6gk5208-0ga00-2tc2_firmwareRange<4.5

AND

siemens6gk5208-0ga00-2tc2Match-

Node

siemens6gk5208-0ga00-2fc2_firmwareRange<4.5

AND

siemens6gk5208-0ga00-2fc2Match-

Node

siemens6gk5208-0ra00-2ac2Match-

AND

siemens6gk5208-0ra00-2ac2_firmwareRange<4.5

Node

siemens6gk5208-0ra00-5ac2Match-

AND

siemens6gk5208-0ra00-5ac2_firmwareRange<4.5

Node

siemens6gk5216-0ba00-2ac2Match-

AND

siemens6gk5216-0ba00-2ac2_firmwareRange<4.5

Node

siemens6gk5216-3rs00-2ac2Match-

AND

siemens6gk5216-3rs00-2ac2_firmwareRange<4.5

Node

siemens6gk5216-3rs00-5ac2Match-

AND

siemens6gk5216-3rs00-5ac2_firmwareRange<4.5

Node

siemens6gk5216-4bs00-2ac2Match-

AND

siemens6gk5216-4bs00-2ac2_firmwareRange<4.5

Node

siemens6gk5216-4gs00-2ac2Match-

AND

siemens6gk5216-4gs00-2ac2_firmwareRange<4.5

Node

siemens6gk5216-4gs00-2tc2Match-

AND

siemens6gk5216-4gs00-2tc2_firmwareRange<4.5

Node

siemens6gk5216-4gs00-2fc2Match-

AND

siemens6gk5216-4gs00-2fc2_firmwareRange<4.5

Node

siemens6gk5216-0ba00-2fc2Match-

AND

siemens6gk5216-0ba00-2fc2_firmwareRange<4.5

Node

siemens6gk5224-0ba00-2ac2Match-

AND

siemens6gk5224-0ba00-2ac2_firmwareRange<4.5

Node

siemens6gk5224-4gs00-2ac2_firmwareRange<4.5

AND

siemens6gk5224-4gs00-2ac2Match-

Node

siemens6gk5224-4gs00-2tc2_firmwareRange<4.5

AND

siemens6gk5224-4gs00-2tc2Match-

Node

siemens6gk5224-4gs00-2fc2_firmwareRange<4.5

AND

siemens6gk5224-4gs00-2fc2Match-

Node

siemens6gk5204-0ba00-2gf2_firmwareRange<4.5

AND

siemens6gk5204-0ba00-2gf2Match-

Node

siemens6gk5204-0ba00-2yf2_firmwareRange<4.5

AND

siemens6gk5204-0ba00-2yf2Match-

Node

siemens6gk5204-2aa00-2gf2_firmwareRange<4.5

AND

siemens6gk5204-2aa00-2gf2Match-

Node

siemens6gk5204-2aa00-2yf2_firmwareRange<4.5

AND

siemens6gk5204-2aa00-2yf2Match-

Node

siemens6gk5208-0ha00-2as6_firmwareRange<4.5

AND

siemens6gk5208-0ha00-2as6Match-

Node

siemens6gk5208-0ha00-2ts6_firmwareRange<4.5

AND

siemens6gk5208-0ha00-2ts6Match-

Node

siemens6gk5208-0ha00-2es6_firmwareRange<4.5

AND

siemens6gk5208-0ha00-2es6Match-

Node

siemens6gk5208-0ua00-5es6_firmwareRange<4.5

AND

siemens6gk5208-0ua00-5es6Match-

Node

siemens6gk5216-0ha00-2as6_firmwareRange<4.5

AND

siemens6gk5216-0ha00-2as6Match-

Node

siemens6gk5216-0ha00-2ts6_firmwareRange<4.5

AND

siemens6gk5216-0ha00-2ts6Match-

Node

siemens6gk5216-0ha00-2es6_firmwareRange<4.5

AND

siemens6gk5216-0ha00-2es6Match-

Node

siemens6gk5216-0ua00-5es6_firmwareRange<4.5

AND

siemens6gk5216-0ua00-5es6Match-

Node

siemens6gk5324-0ba00-3ar3_firmwareRange<4.5

AND

siemens6gk5324-0ba00-3ar3Match-

Node

siemens6gk5324-0ba00-2ar3_firmwareRange<4.5

AND

siemens6gk5324-0ba00-2ar3Match-

Node

siemens6gk5326-2qs00-3ar3_firmwareRange<4.5

AND

siemens6gk5326-2qs00-3ar3Match-

Node

siemens6gk5326-2qs00-3rr3_firmwareRange<4.5

AND

siemens6gk5326-2qs00-3rr3Match-

Node

siemens6gk5328-4fs00-3ar3_firmwareRange<4.5

AND

siemens6gk5328-4fs00-3ar3Match-

Node

siemens6gk5328-4fs00-3rr3_firmwareRange<4.5

AND

siemens6gk5328-4fs00-3rr3Match-

Node

siemens6gk5328-4fs00-2ar3_firmwareRange<4.5

AND

siemens6gk5328-4fs00-2ar3Match-

Node

siemens6gk5328-4fs00-2rr3_firmwareRange<4.5

AND

siemens6gk5328-4fs00-2rr3Match-

Node

siemens6gk5328-4ss00-3ar3_firmwareRange<4.5

AND

siemens6gk5328-4ss00-3ar3Match-

Node

siemens6gk5328-4ss00-2ar3_firmwareRange<4.5

AND

siemens6gk5328-4ss00-2ar3Match-

Node

siemens6ag1206-2bb00-7ac2_firmwareRange<4.5

AND

siemens6ag1206-2bb00-7ac2Match-

Node

siemens6ag1206-2bs00-7ac2_firmwareRange<4.5

AND

siemens6ag1206-2bs00-7ac2Match-

Node

siemens6ag1208-0ba00-7ac2_firmwareRange<4.5

AND

siemens6ag1208-0ba00-7ac2Match-

Node

siemens6ag1216-4bs00-7ac2_firmwareRange<4.5

AND

siemens6ag1216-4bs00-7ac2Match-

References

cert-portal.siemens.com/productcert/html/ssa-180704.html

cert-portal.siemens.com/productcert/html/ssa-690517.html

cert-portal.siemens.com/productcert/html/ssa-699386.html

cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf

cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for NVD:CVE-2023-44374

prion1 cnvd1 nessus1 cve1 cvelist1 ics3