Severity
High
Analysis Summary
CVE-2023-49692 CVSS: 7.2
Siemens SCALANCE M-800/S615 Family could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the parsing of the IPSEC configuration. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on system level after a new connection is established.
CVE-2023-49691 CVSS: 7.2
Siemens SCALANCE M-800/S615 Family could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the handling of the DDNS configuration. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on system level after a successful IP address update.
CVE-2023-38380 CVSS: 7.5
Siemens SIMATIC CP, SINAMICS, SIPLUS NET CP is vulnerable to a denial of service, caused by a flaw in the webserver implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-49692
- CVE-2023-49691
- CVE-2023-38380
Affected Vendors
Siemens
Affected Products
- Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108- 4AM00-2BA2)
- Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
- Siemens SCALANCE M800/S615
- Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00- 2XE0)
- Siemens SIMATIC CP 1242-7 V2
- Siemens SIMATIC CP 1243-1
- Siemens SIMATIC CP 1243-1 DNP3
- Siemens SIMATIC CP 1243-1 IEC
- Siemens SIMATIC CP 1243-7 LTE
- Siemens SIMATIC CP 1243-8 IRC
- Siemens SIMATIC CP 1543-1
- Siemens SINAMICS S210 6.1
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.