Strix
26.1K

CVE-2023-44321

MEDIUMCVSS 5.1/10EPSS 1.00%

Last modified

CVE-2023-44321 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.

Description

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0
5.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
1.00%

58.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Siemens6gk5205-3bb00-2ab2 Firmware< 4.5
Siemens6gk5205-3bb00-2tb2 Firmware< 4.5
Siemens6gk5205-3bd00-2tb2 Firmware< 4.5
Siemens6gk5205-3bd00-2ab2 Firmware< 4.5
Siemens6gk5205-3bf00-2tb2 Firmware<= 4.5
Siemens6gk5205-3bf00-2ab2 Firmware< 4.5
Siemens6gk5208-0ba00-2tb2 Firmware< 4.5
Siemens6gk5208-0ba00-2ab2 Firmware< 4.5
Siemens6gk5213-3bd00-2tb2 Firmware< 4.5
Siemens6gk5213-3bd00-2ab2 Firmware< 4.5
Siemens6gk5213-3bb00-2tb2 Firmware< 4.5
Siemens6gk5213-3bb00-2ab2 Firmware< 4.5
Siemens6gk5213-3bf00-2tb2 Firmware< 4.5
Siemens6gk5213-3bf00-2ab2 Firmware< 4.5
Siemens6gk5216-0ba00-2tb2 Firmware< 4.5
Siemens6gk5216-0ba00-2ab2 Firmware< 4.5
Siemens6gk5206-2bd00-2ac2 Firmware< 4.5
Siemens6gk5206-2bb00-2ac2 Firmware< 4.5
Siemens6gk5206-2rs00-2ac2 Firmware< 4.5
Siemens6gk5206-2rs00-5ac2 Firmware< 4.5
Siemens6gk5206-2rs00-5fc2 Firmware< 4.5
Siemens6gk5206-2bs00-2ac2 Firmware< 4.5
Siemens6gk5206-2bs00-2fc2 Firmware< 4.5
Siemens6gk5206-2gs00-2ac2 Firmware< 4.5
Siemens6gk5206-2gs00-2tc2 Firmware< 4.5
Siemens6gk5206-2gs00-2fc2 Firmware< 4.5
Siemens6gk5208-0ba00-2ac2 Firmware< 4.5
Siemens6gk5208-0ba00-2fc2 Firmware< 4.5
Siemens6gk5208-0ga00-2ac2 Firmware< 4.5
Siemens6gk5208-0ga00-2tc2 Firmware< 4.5
Siemens6gk5208-0ga00-2fc2 Firmware< 4.5
Siemens6gk5208-0ra00-2ac2 Firmware< 4.5
Siemens6gk5208-0ra00-5ac2 Firmware< 4.5
Siemens6gk5216-0ba00-2ac2 Firmware< 4.5
Siemens6gk5216-3rs00-2ac2 Firmware< 4.5
Siemens6gk5216-3rs00-5ac2 Firmware< 4.5
Siemens6gk5216-4bs00-2ac2 Firmware< 4.5
Siemens6gk5216-4gs00-2ac2 Firmware< 4.5
Siemens6gk5216-4gs00-2tc2 Firmware< 4.5
Siemens6gk5216-4gs00-2fc2 Firmware< 4.5
Siemens6gk5216-0ba00-2fc2 Firmware< 4.5
Siemens6gk5224-0ba00-2ac2 Firmware< 4.5
Siemens6gk5224-4gs00-2ac2 Firmware< 4.5
Siemens6gk5224-4gs00-2tc2 Firmware< 4.5
Siemens6gk5224-4gs00-2fc2 Firmware< 4.5
Siemens6gk5204-0ba00-2gf2 Firmware< 4.5
Siemens6gk5204-0ba00-2yf2 Firmware< 4.5
Siemens6gk5204-2aa00-2gf2 Firmware< 4.5
Siemens6gk5204-2aa00-2yf2 Firmware< 4.5
Siemens6gk5208-0ha00-2as6 Firmware< 4.5

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-44321?
Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.
How severe is CVE-2023-44321?
CVE-2023-44321 has a CVSS score of 5.1/10 (MEDIUM severity). The EPSS model estimates a 1.00% probability of exploitation in the next 30 days.
How do I fix CVE-2023-44321?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-44321?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST