CVE-2023-44374

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Nov 14, 2023
Updated: Jan 14, 2025
CWE ID 567

Summary

CVE-2023-44374 is a password change vulnerability affecting multiple RUGGEDCOM and SCALANCE devices, including the RM1224 LTE series, SCALANCE M804PB, M812-1 ADSL-Router, M816-1 ADSL-Router, M826-2 SHDSL-Router, M874-2, M874-3, M876-3, M876-4, MUM853-1, MUM856-1, S615 EEC LAN-Router, S615 LAN-Router, WAB762-1, WAM763-1, WAM766-1, and WUB762-1. The affected devices allow password changes without sufficiently checking which password is being altered. An attacker with authorized access could manipulate this process to change the password of another user, potentially including admin accounts, leading to privilege escalation. All versions of the listed devices prior to V8.0 are affected.
