CVE-2023-49691

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Aug 13, 2024

CWE ID 78

Summary

CVE-2023-49691 is a critical vulnerability affecting multiple RUGGEDCOM and SCALANCE devices, including RM1224 LTE(4G) EU and NAM, SCALANCE M804PB, M812-1 ADSL-Router, M816-1 ADSL-Router, M826-2 SHDSL-Router, M874-2, M874-3, M876-3, M876-4, MUM853-1, MUM856-1, MUM856-1 (RoW), S615 EEC LTE LAN-Router, and S615 LAN-Router. The vulnerability involves an improper neutralization of special elements used in an OS command with root privileges. Malicious local administrators can exploit this weakness to issue system-level commands after a successful IP address update, putting these devices at risk for unauthorized access and potential data breaches. All versions of the listed devices prior to V8.0 are affected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Siemens AG

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners