CVE-2023-52238

CWE-200Information Exposure3 documents3 sources
Severity
2.3LOW
EPSS
0.1%
top 76.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Ruggedcom Rst2228Siemens Ruggedcom Rst2228p
Timeline
PublishedJul 9

Description

A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5siemens/ruggedcom_rst2228p< V5.9.0
CVEListV5siemens/ruggedcom_rst2228< V5.9.0

🔴Vulnerability Details

2
CVEList
CVE-2023-52238: A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V52024-07-09
GHSA
GHSA-jfvv-8342-x746: A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V52024-07-09
CVE-2023-52238 (LOW CVSS 2.3) | A vulnerability has been identified | cvebase.io