Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-49692
HistoryDec 12, 2023 - 12:15 p.m.

CVE-2023-49692

2023-12-1212:15:16
CWE-78
[email protected]
web.nvd.nist.gov
1
cve-2023-49692
improper neutralization of special elements
os command
ipsec configuration
root privileges
local administrators

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.

Affected configurations

NVD
Node
siemens6gk6108-4am00-2ba2_firmwareRange<7.2.2
AND
siemens6gk6108-4am00-2ba2Match-
Node
siemens6gk6108-4am00-2da2_firmwareRange<7.2.2
AND
siemens6gk6108-4am00-2da2Match-
Node
siemens6gk5804-0ap00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5804-0ap00-2aa2Match-
Node
siemens6gk5812-1aa00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5812-1aa00-2aa2Match-
Node
siemens6gk5812-1ba00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5812-1ba00-2aa2Match-
Node
siemens6gk5816-1aa00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5816-1aa00-2aa2Match-
Node
siemens6gk5816-1ba00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5816-1ba00-2aa2Match-
Node
siemens6gk5826-2ab00-2ab2_firmwareRange<7.2.2
AND
siemens6gk5826-2ab00-2ab2Match-
Node
siemens6gk5874-2aa00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5874-2aa00-2aa2Match-
Node
siemens6gk5874-3aa00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5874-3aa00-2aa2Match-
Node
siemens6gk5876-3aa02-2ba2_firmwareRange<7.2.2
AND
siemens6gk5876-3aa02-2ba2Match-
Node
siemens6gk5876-3aa02-2ea2_firmwareRange<7.2.2
AND
siemens6gk5876-3aa02-2ea2Match-
Node
siemens6gk5876-4aa10-2ba2_firmwareRange<7.2.2
AND
siemens6gk5876-4aa10-2ba2Match-
Node
siemens6gk5876-4aa00-2ba2_firmwareRange<7.2.2
AND
siemens6gk5876-4aa00-2ba2Match-
Node
siemens6gk5876-4aa00-2da2_firmwareRange<7.2.2
AND
siemens6gk5876-4aa00-2da2Match-
Node
siemens6gk5853-2ea00-2da1_firmwareRange<7.2.2
AND
siemens6gk5853-2ea00-2da1Match-
Node
siemens6gk5856-2ea00-3da1_firmwareRange<7.2.2
AND
siemens6gk5856-2ea00-3da1Match-
Node
siemens6gk5856-2ea00-3aa1_firmwareRange<7.2.2
AND
siemens6gk5856-2ea00-3aa1Match-
Node
siemens6gk5615-0aa00-2aa2_firmwareRange<7.2.2
AND
siemens6gk5615-0aa00-2aa2Match-
Node
siemens6gk5615-0aa01-2aa2_firmwareRange<7.2.2
AND
siemens6gk5615-0aa01-2aa2Match-

Related

cvelist 1
prion 1
nessus 1
cve 1
cnvd 1
ics 2
cvelist
cvelist
CVE-2023-49692
2023-12-12 11:27:26
prion
prion
Command injection
2023-12-12 12:15:00
nessus
nessus
Siemens SCALANCE OS Command Injection (CVE-2023-49692)
2024-01-11 00:00:00
cve
cve
CVE-2023-49692
2023-12-12 12:15:16
cnvd
cnvd
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
2023-12-13 00:00:00
ics
ics
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
2023-12-14 12:00:00
Siemens SCALANCE SC-600 Family
2024-02-15 12:00:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON
Related for NVD:CVE-2023-49692
cvelist1prion1nessus1cve1cnvd1ics2