V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2023-44374
CVE
High

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM…

CVSS
7.1
High
EPSS
0.01
p46
Published
2023-01-01
Updated
2023-01-01
Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user, which could allow to escalate privileges.

Tags · CWE
CWE-567
CAPEC-25
Affected products
6ag1206-2bb00-7ac2_firmware6ag1206-2bs00-7ac2_firmware6ag1208-0ba00-7ac2_firmware6ag1216-4bs00-7ac2_firmware6gk5204-0ba00-2gf2_firmware6gk5204-0ba00-2yf2_firmware6gk5204-2aa00-2gf2_firmware6gk5204-2aa00-2yf2_firmware6gk5205-3bb00-2ab2_firmware6gk5205-3bb00-2tb2_firmware6gk5205-3bd00-2ab2_firmware6gk5205-3bd00-2tb2_firmware6gk5205-3bf00-2ab2_firmware6gk5205-3bf00-2tb2_firmware6gk5206-2bb00-2ac2_firmware6gk5206-2bd00-2ac2_firmware6gk5206-2bs00-2ac2_firmware6gk5206-2bs00-2fc2_firmware6gk5206-2gs00-2ac2_firmware6gk5206-2gs00-2fc2_firmware
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
2023-01-01
Published
2023-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Attack Requirements
AT: N
None
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Vulnerable System Confidentiality
VC: N
None (N)
Vulnerable System Integrity
VI: H
High (H)
Vulnerable System Availability
VA: N
None (N)
Subsequent System Confidentiality
SC: N
None (N)
Subsequent System Integrity
SI: N
None (N)
Subsequent System Availability
SA: N
None (N)
Exploit Code Maturity
E: X
Not Defined
Confidentiality Requirement
CR: X
Not Defined
Integrity Requirement
IR: X
Not Defined
Availability Requirement
AR: X
Not Defined
Modified Attack Vector
MAV: X
Not Defined
Modified Attack Complexity
MAC: X
Not Defined
Modified Attack Requirements
MAT: X
Not Defined
Modified Privileges Required
MPR: X
Not Defined
Modified User Interaction
MUI: X
Not Defined
Modified Vulnerable System Confidentiality
MVC: X
Not Defined
Modified Vulnerable System Integrity
MVI: X
Not Defined
Modified Vulnerable System Availability
MVA: X
Not Defined
Modified Subsequent System Confidentiality
MSC: X
Not Defined
Modified Subsequent System Integrity
MSI: X
Not Defined
Modified Subsequent System Availability
MSA: X
Not Defined
s
S: X
X
au
AU: X
X
r
R: X
X
v
V: X
X
re
RE: X
X
u
U: X
X
Exploit indicators
EPSS
0.007 · p46
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-25 · CWE-567
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Siemens
6ag1206-2bb00-7ac26ag1206-2bb00-7ac2 Firmware6ag1206-2bs00-7ac26ag1206-2bs00-7ac2 Firmware6ag1208-0ba00-7ac26ag1208-0ba00-7ac2 Firmware6ag1216-4bs00-7ac26ag1216-4bs00-7ac2 Firmware6gk5204-0ba00-2gf26gk5204-0ba00-2gf2 Firmware+132
ProductVendorStatus
6ag1206-2bb00-7ac2_firmware*Tracked
6ag1206-2bs00-7ac2_firmware*Tracked
6ag1208-0ba00-7ac2_firmware*Tracked
6ag1216-4bs00-7ac2_firmware*Tracked
6gk5204-0ba00-2gf2_firmware*Tracked
6gk5204-0ba00-2yf2_firmware*Tracked
6gk5204-2aa00-2gf2_firmware*Tracked
6gk5204-2aa00-2yf2_firmware*Tracked
6gk5205-3bb00-2ab2_firmware*Tracked
6gk5205-3bb00-2tb2_firmware*Tracked
6gk5205-3bd00-2ab2_firmware*Tracked
6gk5205-3bd00-2tb2_firmware*Tracked
6gk5205-3bf00-2ab2_firmware*Tracked
6gk5205-3bf00-2tb2_firmware*Tracked
6gk5206-2bb00-2ac2_firmware*Tracked
6gk5206-2bd00-2ac2_firmware*Tracked
6gk5206-2bs00-2ac2_firmware*Tracked
6gk5206-2bs00-2fc2_firmware*Tracked
6gk5206-2gs00-2ac2_firmware*Tracked
6gk5206-2gs00-2fc2_firmware*Tracked
Showing first 20 of 71
Source databases
CVE
Related vulnerabilities
BDU:2023-08015