CVE-2023-49692: OS Command Injection
First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Siemens 6GK6108-4AM00-2BA2 Firmware | <7.2.2 | |
| Siemens 6GK6108-4AM00-2BA2 Firmware | ||
| All of | ||
| Siemens 6GK6108-4AM00-2DA2 Firmware | <7.2.2 | |
| Siemens 6GK6108-4AM00-2DA2 Firmware | ||
| All of | ||
| Siemens 6GK5804-0AP00-2AA2 | <7.2.2 | |
| Siemens 6GK5804-0AP00-2AA2 | ||
| All of | ||
| Siemens 6GK5812-1AA00-2AA2 | <7.2.2 | |
| Siemens 6GK5812-1AA00-2AA2 | ||
| All of | ||
| Siemens 6GK5812-1BA00-2AA2 | <7.2.2 | |
| Siemens 6GK5812-1BA00-2AA2 | ||
| All of | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | <7.2.2 | |
| Siemens 6GK5816-1BA00-2AA2 Firmware | ||
| All of | ||
| Siemens 6GK5816-1BA00-2AA2 Firmware | <7.2.2 | |
| Siemens 6GK5816-1BA00-2AA2 Firmware | ||
| All of | ||
| Siemens 6GK5826-2AB00-2AB2 Firmware | <7.2.2 | |
| Siemens 6GK5826-2AB00-2AB2 Firmware | ||
| All of | ||
| Siemens 6GK5874-2AA00-2AA2 Firmware | <7.2.2 | |
| Siemens 6GK5874-2AA00-2AA2 Firmware | ||
| All of | ||
| Siemens 6GK5874-3AA00-2AA2 | <7.2.2 | |
| Siemens 6GK5874-3AA00-2AA2 | ||
| All of | ||
| Siemens 6GK5876-3AA02-2BA2 | <7.2.2 | |
| Siemens 6GK5876-3AA02-2BA2 | ||
| All of | ||
| Siemens 6GK5876-3AA02-2EA2 | <7.2.2 | |
| Siemens 6GK5876-3AA02-2EA2 | ||
| All of | ||
| Siemens 6GK5876-4AA10-2BA2 | <7.2.2 | |
| Siemens 6GK5876-4AA10-2BA2 firmware | ||
| All of | ||
| Siemens 6GK5876-4AA00-2BA2 | <7.2.2 | |
| Siemens 6GK5876-4AA00-2BA2 | ||
| All of | ||
| Siemens 6GK5876-4AA00-2DA2 | <7.2.2 | |
| Siemens 6GK5876-4AA00-2DA2 | ||
| All of | ||
| Siemens 6GK5853-2EA00-2DA1 Firmware | <7.2.2 | |
| Siemens 6GK5853-2EA00-2DA1 Firmware | ||
| All of | ||
| Siemens 6GK5856-2EA00-3DA1 | <7.2.2 | |
| Siemens 6GK5856-2EA00-3DA1 | ||
| All of | ||
| Siemens 6GK5856-2EA00-3AA1 Firmware | <7.2.2 | |
| Siemens 6GK5856-2EA00-3AA1 Firmware | ||
| All of | ||
| Siemens 6GK5615-0AA00-2AA2 Firmware | <7.2.2 | |
| Siemens 6GK5615-0AA00-2AA2 | ||
| All of | ||
| Siemens 6GK5615-0AA01-2AA2 | <7.2.2 | |
| Siemens 6GK5615-0AA01-2AA2 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49692?
CVE-2023-49692 is classified with a moderate severity level.
How do I fix CVE-2023-49692?
To fix CVE-2023-49692, upgrade your device firmware to version 7.2.2 or later.
Which devices are affected by CVE-2023-49692?
CVE-2023-49692 affects various Siemens devices including RUGGEDCOM RM1224 LTE and SCALANCE models with versions prior to 7.2.2.
Is CVE-2023-49692 a remote exploitation vulnerability?
Yes, CVE-2023-49692 can be exploited remotely under certain conditions.
What impacts can CVE-2023-49692 have on affected systems?
The impacts of CVE-2023-49692 can include unauthorized access or compromise of device functionality.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens 6gk6108-4am00-2ba2 firmware
- canonical/siemens 6gk6108-4am00-2da2 firmware
- canonical/siemens 6gk5804-0ap00-2aa2
- canonical/siemens 6gk5812-1aa00-2aa2
- canonical/siemens 6gk5812-1ba00-2aa2
- canonical/siemens 6gk5816-1ba00-2aa2 firmware
- canonical/siemens 6gk5826-2ab00-2ab2 firmware
- canonical/siemens 6gk5874-2aa00-2aa2 firmware
- canonical/siemens 6gk5874-3aa00-2aa2
- canonical/siemens 6gk5876-3aa02-2ba2
- canonical/siemens 6gk5876-3aa02-2ea2
- canonical/siemens 6gk5876-4aa10-2ba2
- canonical/siemens 6gk5876-4aa10-2ba2 firmware
- canonical/siemens 6gk5876-4aa00-2ba2
- canonical/siemens 6gk5876-4aa00-2da2
- canonical/siemens 6gk5853-2ea00-2da1 firmware
- canonical/siemens 6gk5856-2ea00-3da1
- canonical/siemens 6gk5856-2ea00-3aa1 firmware
- canonical/siemens 6gk5615-0aa00-2aa2 firmware
- canonical/siemens 6gk5615-0aa00-2aa2
- canonical/siemens 6gk5615-0aa01-2aa2
- canonical/siemens 6gk5615-0aa01-2aa2 firmware