Strix
26.1K

CVE-2023-44373

CRITICALCVSS 9.4/10EPSS 1.35%

Last modified

CVE-2023-44373 is a critical-severity vulnerability rated 9.4/10 on the CVSS scale. Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. EPSS estimates a 1.35% chance of exploitation in the next 30 days.

Description

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS 4.0
9.4/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
1.35%

68.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Siemens6gk5205-3bb00-2ab2 Firmware< 4.5
Siemens6gk5205-3bb00-2tb2 Firmware< 4.5
Siemens6gk5205-3bd00-2tb2 Firmware< 4.5
Siemens6gk5205-3bd00-2ab2 Firmware< 4.5
Siemens6gk5205-3bf00-2tb2 Firmware<= 4.5
Siemens6gk5205-3bf00-2ab2 Firmware< 4.5
Siemens6gk5208-0ba00-2tb2 Firmware< 4.5
Siemens6gk5208-0ba00-2ab2 Firmware< 4.5
Siemens6gk5213-3bd00-2tb2 Firmware< 4.5
Siemens6gk5213-3bd00-2ab2 Firmware< 4.5
Siemens6gk5213-3bb00-2tb2 Firmware< 4.5
Siemens6gk5213-3bb00-2ab2 Firmware< 4.5
Siemens6gk5213-3bf00-2tb2 Firmware< 4.5
Siemens6gk5213-3bf00-2ab2 Firmware< 4.5
Siemens6gk5216-0ba00-2tb2 Firmware< 4.5
Siemens6gk5216-0ba00-2ab2 Firmware< 4.5
Siemens6gk5206-2bd00-2ac2 Firmware< 4.5
Siemens6gk5206-2bb00-2ac2 Firmware< 4.5
Siemens6gk5206-2rs00-2ac2 Firmware< 4.5
Siemens6gk5206-2rs00-5ac2 Firmware< 4.5
Siemens6gk5206-2rs00-5fc2 Firmware< 4.5
Siemens6gk5206-2bs00-2ac2 Firmware< 4.5
Siemens6gk5206-2bs00-2fc2 Firmware< 4.5
Siemens6gk5206-2gs00-2ac2 Firmware< 4.5
Siemens6gk5206-2gs00-2tc2 Firmware< 4.5
Siemens6gk5206-2gs00-2fc2 Firmware< 4.5
Siemens6gk5208-0ba00-2ac2 Firmware< 4.5
Siemens6gk5208-0ba00-2fc2 Firmware< 4.5
Siemens6gk5208-0ga00-2ac2 Firmware< 4.5
Siemens6gk5208-0ga00-2tc2 Firmware< 4.5
Siemens6gk5208-0ga00-2fc2 Firmware< 4.5
Siemens6gk5208-0ra00-2ac2 Firmware< 4.5
Siemens6gk5208-0ra00-5ac2 Firmware< 4.5
Siemens6gk5216-0ba00-2ac2 Firmware< 4.5
Siemens6gk5216-3rs00-2ac2 Firmware< 4.5
Siemens6gk5216-3rs00-5ac2 Firmware< 4.5
Siemens6gk5216-4bs00-2ac2 Firmware< 4.5
Siemens6gk5216-4gs00-2ac2 Firmware< 4.5
Siemens6gk5216-4gs00-2tc2 Firmware< 4.5
Siemens6gk5216-4gs00-2fc2 Firmware< 4.5
Siemens6gk5216-0ba00-2fc2 Firmware< 4.5
Siemens6gk5224-0ba00-2ac2 Firmware< 4.5
Siemens6gk5224-4gs00-2ac2 Firmware< 4.5
Siemens6gk5224-4gs00-2tc2 Firmware< 4.5
Siemens6gk5224-4gs00-2fc2 Firmware< 4.5
Siemens6gk5204-0ba00-2gf2 Firmware< 4.5
Siemens6gk5204-0ba00-2yf2 Firmware< 4.5
Siemens6gk5204-2aa00-2gf2 Firmware< 4.5
Siemens6gk5204-2aa00-2yf2 Firmware< 4.5
Siemens6gk5208-0ha00-2as6 Firmware< 4.5

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-44373?
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
How severe is CVE-2023-44373?
CVE-2023-44373 has a CVSS score of 9.4/10 (CRITICAL severity). The EPSS model estimates a 1.35% probability of exploitation in the next 30 days.
How do I fix CVE-2023-44373?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-44373?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST