CVE-2023-44321

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.1%

top 73.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

163

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +160 more

Timeline

PublishedNov 14

Description

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages163 packages

▶CVEListV5siemens/scalance_xc208< V4.6

▶CVEListV5siemens/scalance_xc216< V4.6

▶CVEListV5siemens/scalance_xc224< V4.6

▶CVEListV5siemens/scalance_xf204< V4.6

▶CVEListV5siemens/scalance_xp208< V4.6

🔴Vulnerability Details

GHSA

GHSA-w4f6-7r85-9m86: A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4↗2023-11-14

▶

CVEList

CVE-2023-44321: Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenti↗2023-11-14

▶