CWE-200

CVE-2023-52238: Infoleak

First published: Tue Jul 09 2024

A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0) and RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged-in user. An attacker with the credentials of a low-privileged user could retrieve the MACSEC key and access (decrypt) the Ethernet frames sent by authorized recipients.

Credit: productcert@siemens.com

Affected Software | Affected Version | How to fix
Siemens RUGGEDCOM ROS RST2228 | <5.9.0 |
Siemens RUGGEDCOM RST2228 | <5.9.0 |


Frequently Asked Questions

  • What is the severity of CVE-2023-52238?

    CVE-2023-52238 is considered a high-severity vulnerability due to the potential for sensitive information leakage.

  • How do I fix CVE-2023-52238?

    To mitigate CVE-2023-52238, users should upgrade their RUGGEDCOM RST2228 or RST2228P devices to version 5.9.0 or later.

  • What systems are affected by CVE-2023-52238?

    CVE-2023-52238 affects RUGGEDCOM RST2228 and RUGGEDCOM RST2228P models running versions prior to 5.9.0.

  • What does CVE-2023-52238 exploit?

    CVE-2023-52238 is a flaw in the web server of the affected devices that lets an attacker retrieve the MACSEC key in clear text.

  • Can any user exploit CVE-2023-52238?

    Yes, an attacker with low-privileged user credentials can exploit CVE-2023-52238 to access sensitive information.
