Vulnerabilities > CVE-2023-44317 - Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in Siemens products
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Cache Poisoning An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
- DNS Cache Poisoning A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
- Manipulating Writeable Configuration Files Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- https://cert-portal.siemens.com/productcert/html/ssa-068047.html
- https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html