CVE-2023-44318

CWE-3213 documents3 sources

Severity

6.9MEDIUM

EPSS

0.2%

top 63.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

157

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +154 more

Timeline

PublishedNov 14

Description

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages157 packages

▶CVEListV5siemens/scalance_xc208< *

▶CVEListV5siemens/scalance_xc216< *

▶CVEListV5siemens/scalance_xc224< *

▶CVEListV5siemens/scalance_xf204< *

▶CVEListV5siemens/scalance_xp208< *

🔴Vulnerability Details

GHSA

GHSA-xhv6-jc84-h9c6: A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4↗2023-11-14

▶

CVEList

CVE-2023-44318: Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device↗2023-11-14

▶