CNVD-2023-86597
Vulnerability from cnvd - Published: 2023-11-15
Title
Multiple Siemens Products: Acceptance of Extraneous Untrusted Data With Trusted Data Vulnerability
Description
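SCALANCE M-800, MUM-800 and S615, as well as RUGGEDCOM RM1224, are industrial routers. SCALANCE W products are wireless communication devices used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs), and comply with the IEEE 802.11 standard (802.11ac, 802.11a/b/g/h and/or 802.11n). SCALANCE W-1700 products are wireless communication devices based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), with a focus on industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple Siemens products contain a vulnerability involving the acceptance of extraneous untrusted data with trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the device.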
Severity
High
Patch Name
Patch for the acceptance of extraneous untrusted data with trusted data vulnerability in multiple Siemens products
Patch Description
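SCALANCE M-800, MUM-800 and S615, as well as RUGGEDCOM RM1224, are industrial routers. SCALANCE W products are wireless communication devices used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs), and comply with the IEEE 802.11 standard (802.11ac, 802.11a/b/g/h and/or 802.11n). SCALANCE W-1700 products are wireless communication devices based on the IEEE 802.11ac standard. They are used to connect various WLAN devices (access points or clients, depending on the operating mode), with a focus on industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple Siemens products contain a vulnerability involving the acceptance of extraneous untrusted data with trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the device. The vendor has published a security advisory and related patch information that fixes this vulnerability.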
Formal description
The vendor has released a fix for this vulnerability; please watch for updates: https://cert-portal.siemens.com/productcert/html/ssa-699386.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-699386.html
Impacted products
| Name |
|---|
| Siemens SCALANCE XC216EEC <4.5 |
| Siemens SCALANCE XC224 <4.5 |
| Siemens SCALANCE XC224-4C G <4.5 |
| Siemens SCALANCE XC224-4C G EEC <4.5 |
| Siemens SCALANCE XF204 <4.5 |
| Siemens SCALANCE XF204 DNA <4.5 |
| Siemens SCALANCE XF204-2BA <4.5 |
| Siemens SCALANCE XF204-2BA DNA <4.5 |
| Siemens SCALANCE XP208 <4.5 |
| Siemens SCALANCE XP208EEC <4.5 |
| Siemens SCALANCE XP208PoE EEC <4.5 |
| Siemens SCALANCE XP216 <4.5 |
| Siemens SCALANCE XP216EEC <4.5 |
| Siemens SCALANCE XP216POE EEC <4.5 |
| Siemens SCALANCE XR324WG <4.5 |
| Siemens SCALANCE XR326-2C PoE WG <4.5 |
| Siemens SCALANCE XR328-4C WG <4.5 |
| Siemens SIPLUS NET SCALANCE XC206-2 <4.5 |
| Siemens SIPLUS NET SCALANCE XC206-2SFP <4.5 |
| Siemens SIPLUS NET SCALANCE XC208 <4.5 |
| Siemens SIPLUS NET SCALANCE XC216-4C <4.5 |
| Siemens SCALANCE XC206-2G PoE <4.5 |
| Siemens SCALANCE XC206-2G PoE EEC <4.5 |
| Siemens SCALANCE XC206-2SFP <4.5 |
| Siemens SCALANCE XC206-2SFP EEC <4.5 |
| Siemens SCALANCE XC206-2SFP G <4.5 |
| Siemens SCALANCE XC208EEC <4.5 |
| Siemens SCALANCE XC208G <4.5 |
| Siemens SCALANCE XC208G EEC <4.5 |
| Siemens SCALANCE XC208G PoE <4.5 |
| Siemens SCALANCE XC216 <4.5 |
| Siemens SCALANCE XC216-3G PoE <4.5 |
| Siemens SCALANCE XC216-4C <4.5 |
| Siemens SCALANCE XC216-4C G <4.5 |
| Siemens SCALANCE XC216-4C G EEC <4.5 |
| Siemens SCALANCE XB205-3 <4.5 |
| Siemens SCALANCE XB205-3LD <4.5 |
| Siemens SCALANCE XB208 <4.5 |
| Siemens SCALANCE XB213-3 <4.5 |
| Siemens SCALANCE XB213-3LD <4.5 |
| Siemens SCALANCE XB216 <4.5 |
| Siemens SCALANCE XC206-2 <4.5 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-44317"
}
},
"description": "SCALANCE M-800\u3001MUM-800\u548cS615\u4ee5\u53caRUGGEDCOM RM1224\u662f\u5de5\u4e1a\u8def\u7531\u5668\u3002SCALANCE W\u4ea7\u54c1\u662f\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u7ec4\u4ef6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\uff0c\u7b26\u5408IEEE 802.11\u6807\u51c6\uff08802.11ac\u3001802.11a/b/g/h \u548c/\u6216 802.11n\uff09\u3002SCALANCE W-1700\u4ea7\u54c1\u662f\u57fa\u4e8eIEEE 802.11ac\u6807\u51c6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\u3002\u5b83\u4eec\u7528\u4e8e\u8fde\u63a5\u5404\u79cdWLAN\u8bbe\u5907\uff08\u63a5\u5165\u70b9\u6216\u5ba2\u6237\u7aef\uff0c\u53d6\u51b3\u4e8e\u64cd\u4f5c\u6a21\u5f0f\uff09\uff0c\u91cd\u70b9\u5173\u6ce8\u5de5\u4e1a\u7ec4\u4ef6\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u3002SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-699386.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-86597",
"openTime": "2023-11-15",
"patchDescription": "SCALANCE M-800\u3001MUM-800\u548cS615\u4ee5\u53caRUGGEDCOM RM1224\u662f\u5de5\u4e1a\u8def\u7531\u5668\u3002SCALANCE W\u4ea7\u54c1\u662f\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u7ec4\u4ef6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\uff0c\u7b26\u5408IEEE 802.11\u6807\u51c6\uff08802.11ac\u3001802.11a/b/g/h \u548c/\u6216 802.11n\uff09\u3002SCALANCE W-1700\u4ea7\u54c1\u662f\u57fa\u4e8eIEEE 802.11ac\u6807\u51c6\u7684\u65e0\u7ebf\u901a\u4fe1\u8bbe\u5907\u3002\u5b83\u4eec\u7528\u4e8e\u8fde\u63a5\u5404\u79cdWLAN\u8bbe\u5907\uff08\u63a5\u5165\u70b9\u6216\u5ba2\u6237\u7aef\uff0c\u53d6\u51b3\u4e8e\u64cd\u4f5c\u6a21\u5f0f\uff09\uff0c\u91cd\u70b9\u5173\u6ce8\u5de5\u4e1a\u7ec4\u4ef6\uff0c\u5982\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u3002SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SCALANCE XC216EEC \u003c4.5",
"Siemens SCALANCE XC224 \u003c4.5",
"Siemens SCALANCE XC224-4C G \u003c4.5",
"Siemens SCALANCE XC224-4C G EEC \u003c4.5",
"Siemens SCALANCE XF204 \u003c4.5",
"Siemens SCALANCE XF204 DNA \u003c4.5",
"Siemens SCALANCE XF204-2BA \u003c4.5",
"Siemens SCALANCE XF204-2BA DNA \u003c4.5",
"Siemens SCALANCE XP208 \u003c4.5",
"Siemens SCALANCE XP208EEC \u003c4.5",
"Siemens SCALANCE XP208PoE EEC \u003c4.5",
"Siemens SCALANCE XP216 \u003c4.5",
"Siemens SCALANCE XP216EEC \u003c4.5",
"Siemens SCALANCE XP216POE EEC \u003c4.5",
"Siemens SCALANCE XR324WG \u003c4.5",
"Siemens SCALANCE XR326-2C PoE WG \u003c4.5",
"Siemens SCALANCE XR328-4C WG \u003c4.5",
"Siemens SIPLUS NET SCALANCE XC206-2 \u003c4.5",
"Siemens SIPLUS NET SCALANCE XC206-2SFP \u003c4.5",
"Siemens SIPLUS NET SCALANCE XC208 \u003c4.5",
"Siemens SIPLUS NET SCALANCE XC216-4C \u003c4.5",
"Siemens SCALANCE XC206-2G PoE \u003c4.5",
"Siemens SCALANCE XC206-2G PoE EEC \u003c4.5",
"Siemens SCALANCE XC206-2SFP \u003c4.5",
"Siemens SCALANCE XC206-2SFP EEC \u003c4.5",
"Siemens SCALANCE XC206-2SFP G \u003c4.5",
"Siemens SCALANCE XC208EEC \u003c4.5",
"Siemens SCALANCE XC208G \u003c4.5",
"Siemens SCALANCE XC208G EEC \u003c4.5",
"Siemens SCALANCE XC208G PoE \u003c4.5",
"Siemens SCALANCE XC216 \u003c4.5",
"Siemens SCALANCE XC216-3G PoE \u003c4.5",
"Siemens SCALANCE XC216-4C \u003c4.5",
"Siemens SCALANCE XC216-4C G \u003c4.5",
"Siemens SCALANCE XC216-4C G EEC \u003c4.5",
"Siemens SCALANCE XB205-3 \u003c4.5",
"Siemens SCALANCE XB205-3LD \u003c4.5",
"Siemens SCALANCE XB208 \u003c4.5",
"Siemens SCALANCE XB213-3 \u003c4.5",
"Siemens SCALANCE XB213-3LD \u003c4.5",
"Siemens SCALANCE XB216 \u003c4.5",
"Siemens SCALANCE XC206-2 \u003c4.5"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
"serverity": "\u9ad8",
"submitTime": "2023-11-15",
"title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4f7f\u7528\u53ef\u4fe1\u6570\u636e\u63a5\u53d7\u65e0\u5173\u7684\u4e0d\u53d7\u4fe1\u4efb\u6570\u636e\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.