Skip to main content

6Gk5205 3Bb00 2Ab2 Firmware CVE-2023-44373

CRITICAL
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2023-11-14 productcert@siemens.com
Code Injection 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware 6Gk5205 3Bf00 2Tb2 Firmware 6Gk5205 3Bf00 2Ab2 Firmware 6Gk5208 0Ba00 2Tb2 Firmware 6Gk5208 0Ba00 2Ab2 Firmware 6Gk5213 3Bd00 2Tb2 Firmware 6Gk5213 3Bd00 2Ab2 Firmware 6Gk5213 3Bb00 2Tb2 Firmware 6Gk5213 3Bb00 2Ab2 Firmware 6Gk5213 3Bf00 2Tb2 Firmware 6Gk5213 3Bf00 2Ab2 Firmware 6Gk5216 0Ba00 2Tb2 Firmware 6Gk5216 0Ba00 2Ab2 Firmware 6Gk5206 2Bd00 2Ac2 Firmware 6Gk5206 2Bb00 2Ac2 Firmware 6Gk5206 2Rs00 2Ac2 Firmware 6Gk5206 2Rs00 5Ac2 Firmware 6Gk5206 2Rs00 5Fc2 Firmware 6Gk5206 2Bs00 2Ac2 Firmware 6Gk5206 2Bs00 2Fc2 Firmware 6Gk5206 2Gs00 2Ac2 Firmware 6Gk5206 2Gs00 2Tc2 Firmware 6Gk5206 2Gs00 2Fc2 Firmware 6Gk5208 0Ba00 2Ac2 Firmware 6Gk5208 0Ba00 2Fc2 Firmware 6Gk5208 0Ga00 2Ac2 Firmware 6Gk5208 0Ga00 2Tc2 Firmware 6Gk5208 0Ga00 2Fc2 Firmware 6Gk5208 0Ra00 2Ac2 Firmware 6Gk5208 0Ra00 5Ac2 Firmware 6Gk5216 0Ba00 2Ac2 Firmware 6Gk5216 3Rs00 2Ac2 Firmware 6Gk5216 3Rs00 5Ac2 Firmware 6Gk5216 4Bs00 2Ac2 Firmware 6Gk5216 4Gs00 2Ac2 Firmware 6Gk5216 4Gs00 2Tc2 Firmware 6Gk5216 4Gs00 2Fc2 Firmware 6Gk5216 0Ba00 2Fc2 Firmware 6Gk5224 0Ba00 2Ac2 Firmware 6Gk5224 4Gs00 2Ac2 Firmware 6Gk5224 4Gs00 2Tc2 Firmware 6Gk5224 4Gs00 2Fc2 Firmware 6Gk5204 0Ba00 2Gf2 Firmware 6Gk5204 0Ba00 2Yf2 Firmware 6Gk5204 2Aa00 2Gf2 Firmware 6Gk5204 2Aa00 2Yf2 Firmware 6Gk5208 0Ha00 2As6 Firmware 6Gk5208 0Ha00 2Ts6 Firmware 6Gk5208 0Ha00 2Es6 Firmware 6Gk5208 0Ua00 5Es6 Firmware 6Gk5216 0Ha00 2As6 Firmware 6Gk5216 0Ha00 2Ts6 Firmware 6Gk5216 0Ha00 2Es6 Firmware 6Gk5216 0Ua00 5Es6 Firmware 6Gk5324 0Ba00 3Ar3 Firmware 6Gk5324 0Ba00 2Ar3 Firmware 6Gk5326 2Qs00 3Ar3 Firmware 6Gk5326 2Qs00 3Rr3 Firmware 6Gk5328 4Fs00 3Ar3 Firmware 6Gk5328 4Fs00 3Rr3 Firmware 6Gk5328 4Fs00 2Ar3 Firmware 6Gk5328 4Fs00 2Rr3 Firmware 6Gk5328 4Ss00 3Ar3 Firmware 6Gk5328 4Ss00 2Ar3 Firmware 6Ag1206 2Bb00 7Ac2 Firmware 6Ag1206 2Bs00 7Ac2 Firmware 6Ag1208 0Ba00 7Ac2 Firmware 6Ag1216 4Bs00 7Ac2 Firmware
9.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 14, 2023 - 11:15 cve.org
CRITICAL 9.4

DescriptionCVE.org

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.

AnalysisAI

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-74. Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323. Affected products include: Siemens 6Gk5205-3Bb00-2Ab2 Firmware, Siemens 6Gk5205-3Bb00-2Tb2 Firmware, Siemens 6Gk5205-3Bd00-2Tb2 Firmware, Siemens 6Gk5205-3Bd00-2Ab2 Firmware, Siemens 6Gk5205-3Bf00-2Tb2 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-44373 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy