CVE-2023-49691: OS Command Injection
First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Siemens 6GK6108-4AM00-2BA2 Firmware | ||
| Siemens 6GK6108-4AM00-2BA2 Firmware | <8.0 | |
| All of | ||
| Siemens 6GK6108-4AM00-2DA2 Firmware | ||
| Siemens 6GK6108-4AM00-2DA2 Firmware | <8.0 | |
| All of | ||
| Siemens 6GK5804-0AP00-2AA2 | ||
| Siemens 6GK5804-0AP00-2AA2 | <8.0 | |
| All of | ||
| Siemens 6GK5812-1AA00-2AA2 | ||
| Siemens 6GK5812-1AA00-2AA2 | <8.0 | |
| All of | ||
| Siemens 6GK5812-1BA00-2AA2 | ||
| Siemens 6GK5812-1BA00-2AA2 | <8.0 | |
| All of | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | <8.0 | |
| All of | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | <8.0 | |
| All of | ||
| Siemens 6GK5826-2AB00-2AB2 Firmware | ||
| Siemens 6GK5826-2AB00-2AB2 Firmware | <8.0 | |
| All of | ||
| Siemens 6GK5874-2AA00-2AA2 Firmware | <8.0 | |
| Siemens 6GK5874-2AA00-2AA2 Firmware | ||
| All of | ||
| Siemens 6GK5874-3AA00-2AA2 | <8.0 | |
| Siemens 6GK5874-3AA00-2AA2 | ||
| All of | ||
| Siemens 6GK5876-3AA02-2BA2 | <8.0 | |
| Siemens 6GK5876-3AA02-2BA2 | ||
| All of | ||
| Siemens 6GK5876-3AA02-2EA2 | <8.0 | |
| Siemens 6GK5876-3AA02-2EA2 | ||
| All of | ||
| Siemens 6GK5876-4AA10-2BA2 | <8.0 | |
| Siemens 6GK5876-4AA10-2BA2 firmware | ||
| All of | ||
| Siemens 6GK5876-4AA00-2BA2 | <8.0 | |
| Siemens 6GK5876-4AA00-2BA2 | ||
| All of | ||
| Siemens 6GK5876-4AA00-2DA2 | <8.0 | |
| Siemens 6GK5876-4AA00-2DA2 | ||
| All of | ||
| Siemens 6GK5853-2EA00-2DA1 Firmware | <8.0 | |
| Siemens 6GK5853-2EA00-2DA1 Firmware | ||
| All of | ||
| Siemens 6GK5856-2EA00-3DA1 | <8.0 | |
| Siemens 6GK5856-2EA00-3DA1 | ||
| All of | ||
| Siemens 6GK5856-2EA00-3AA1 Firmware | <8.0 | |
| Siemens 6GK5856-2EA00-3AA1 Firmware | ||
| All of | ||
| Siemens 6GK5615-0AA00-2AA2 Firmware | <8.0 | |
| Siemens 6GK5615-0AA00-2AA2 | ||
| All of | ||
| Siemens 6GK5615-0AA01-2AA2 | <8.0 | |
| Siemens 6GK5615-0AA01-2AA2 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49691?
CVE-2023-49691 has a high severity rating due to its potential impact on affected devices.
How do I fix CVE-2023-49691?
To mitigate CVE-2023-49691, upgrade the firmware of all affected devices to version 8.0 or later.
What devices are affected by CVE-2023-49691?
CVE-2023-49691 affects various RUGGEDCOM and SCALANCE devices running versions before 8.0.
What is the impact of CVE-2023-49691?
The impact of CVE-2023-49691 may include unauthorized access or control over affected devices.
Is there a known exploit for CVE-2023-49691?
As of now, there are no publicly disclosed exploits specifically targeting CVE-2023-49691.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens 6gk6108-4am00-2ba2 firmware
- canonical/siemens 6gk6108-4am00-2da2 firmware
- canonical/siemens 6gk5804-0ap00-2aa2
- canonical/siemens 6gk5812-1aa00-2aa2
- canonical/siemens 6gk5812-1ba00-2aa2
- canonical/siemens 6gk5816-1ba00-2aa2 firmware
- canonical/siemens 6gk5826-2ab00-2ab2 firmware
- canonical/siemens 6gk5874-2aa00-2aa2 firmware
- canonical/siemens 6gk5874-3aa00-2aa2
- canonical/siemens 6gk5876-3aa02-2ba2
- canonical/siemens 6gk5876-3aa02-2ea2
- canonical/siemens 6gk5876-4aa10-2ba2
- canonical/siemens 6gk5876-4aa10-2ba2 firmware
- canonical/siemens 6gk5876-4aa00-2ba2
- canonical/siemens 6gk5876-4aa00-2da2
- canonical/siemens 6gk5853-2ea00-2da1 firmware
- canonical/siemens 6gk5856-2ea00-3da1
- canonical/siemens 6gk5856-2ea00-3aa1 firmware
- canonical/siemens 6gk5615-0aa00-2aa2 firmware
- canonical/siemens 6gk5615-0aa00-2aa2
- canonical/siemens 6gk5615-0aa01-2aa2
- canonical/siemens 6gk5615-0aa01-2aa2 firmware