CVE-2023-44319 Information
Description
A vulnerability has been identified in SCALANCE XB205-3 (SC PN) (All versions < V4.5) SCALANCE XB205-3 (ST E/IP) (All versions < V4.5) SCALANCE XB205-3 (ST E/IP) (All versions < V4.5) SCALANCE XB205-3 (ST PN) (All versions < V4.5) SCALANCE XB205-3LD (SC E/IP) (All versions < V4.5) SCALANCE XB205-3LD (SC PN) (All versions < V4.5) SCALANCE XB208 (E/IP) (All versions < V4.5) SCALANCE XB208 (PN) (All versions < V4.5) SCALANCE XB213-3 (SC E/IP) (All versions < V4.5) SCALANCE XB213-3 (SC PN) (All versions < V4.5) SCALANCE XB213-3 (ST E/IP) (All versions < V4.5) SCALANCE XB213-3 (ST PN) (All versions < V4.5) SCALANCE XB213-3LD (SC E/IP) (All versions < V4.5) SCALANCE XB213-3LD (SC PN) (All versions < V4.5) SCALANCE XB216 (E/IP) (All versions < V4.5) SCALANCE XB216 (PN) (All versions < V4.5) SCALANCE XC206-2 (SC) (All versions < V4.5) SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5) SCALANCE XC206-2G PoE (All versions < V4.5) SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5) SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5) SCALANCE XC206-2SFP (All versions < V4.5) SCALANCE XC206-2SFP EEC (All versions < V4.5) SCALANCE XC206-2SFP G (All versions < V4.5) SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5) SCALANCE XC206-2SFP G EEC (All versions < V4.5) SCALANCE XC208 (All versions < V4.5) SCALANCE XC208EEC (All versions < V4.5) SCALANCE XC208G (All versions < V4.5) SCALANCE XC208G (EIP def.) (All versions < V4.5) SCALANCE XC208G EEC (All versions < V4.5) SCALANCE XC208G PoE (All versions < V4.5) SCALANCE XC208G PoE (54 V DC) (All versions < V4.5) SCALANCE XC216 (All versions < V4.5) SCALANCE XC216-3G PoE (All versions < V4.5) SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5) SCALANCE XC216-4C (All versions < V4.5) SCALANCE XC216-4C G (All versions < V4.5) SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5) SCALANCE XC216-4C G EEC (All versions < V4.5) SCALANCE XC216EEC (All versions < V4.5) SCALANCE XC224 (All versions < V4.5) SCALANCE XC224-4C G (All versions < V4.5) SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5) SCALANCE XC224-4C G EEC (All versions < V4.5) SCALANCE XF204 (All versions < V4.5) SCALANCE XF204 DNA (All versions < V4.5) SCALANCE XF204-2BA (All versions < V4.5) SCALANCE XF204-2BA DNA (All versions < V4.5) SCALANCE XP208 (All versions < V4.5) SCALANCE XP208 (Ethernet/IP) (All versions < V4.5) SCALANCE XP208EEC (All versions < V4.5) SCALANCE XP208PoE EEC (All versions < V4.5) SCALANCE XP216 (All versions < V4.5) SCALANCE XP216 (Ethernet/IP) (All versions < V4.5) SCALANCE XP216EEC (All versions < V4.5) SCALANCE XP216POE EEC (All versions < V4.5) SCALANCE XR324WG (24 x FE AC 230V) (All versions < V4.5) SCALANCE XR324WG (24 X FE DC 24V) (All versions < V4.5) SCALANCE XR326-2C PoE WG (All versions < V4.5) SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5) SCALANCE XR328-4C WG (24XFE 4XGE 24V) (All versions < V4.5) SCALANCE XR328-4C WG (24xFE 4xGEDC24V) (All versions < V4.5) SCALANCE XR328-4C WG (24xFE4xGEAC230V) (All versions < V4.5) SCALANCE XR328-4C WG (24xFE4xGEAC230V) (All versions < V4.5) SCALANCE XR328-4C WG (28xGE AC 230V) (All versions < V4.5) SCALANCE XR328-4C WG (28xGE DC 24V) (All versions < V4.5) SIPLUS NET SCALANCE XC206-2 (All versions < V4.5) SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5) SIPLUS NET SCALANCE XC208 (All versions < V4.5) SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device.
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
Share on: