Vulnerability in Siemens Ruggedcom Rm1224 Lte(4g) Eu
CVE-2023-44373
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
EPSS: 0.005 (67.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C.
Affected products
- Siemens Ruggedcom Rm1224 Lte(4g) Eu — versions 0
- Siemens Ruggedcom Rm1224 Lte(4g) Nam — versions 0
- Siemens Scalance M804pb — versions 0
- Siemens Scalance M812-1 Adsl-router — versions 0
- Siemens Scalance M816-1 Adsl-router — versions 0
- Siemens Scalance M826-2 Shdsl-router — versions 0
- Siemens Scalance M874-2 — versions 0
- Siemens Scalance M874-3 — versions 0
- Siemens Scalance M876-3 — versions 0
- Siemens Scalance M876-3 (Rok) — versions 0
Weakness classification (CWE)
References
- cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- cert-portal.siemens.com/productcert/html/ssa-699386.html
- cert-portal.siemens.com/productcert/html/ssa-180704.html
- cert-portal.siemens.com/productcert/html/ssa-602936.html
- cert-portal.siemens.com/productcert/html/ssa-690517.html
- cert-portal.siemens.com/productcert/html/ssa-721642.html
- cert-portal.siemens.com/productcert/html/ssa-019200.html
Frequently asked questions
- What is CVE-2023-44373?
- CVE-2023-44373 is a critical-severity vulnerability in Siemens Ruggedcom Rm1224 Lte(4g) Eu, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.1/10. Published 2023-11-14.
- How severe is CVE-2023-44373?
- Critical severity. CVSS v3 base score is 9.1 out of 10.