CVE-2023-44318
moderate-risk
Published 2023-11-14
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.
Do I need to act?
0.16% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.9/10 (Medium)
NETWORK / LOW complexity
Affected Products (20)
6Gk5205-3Bb00-2Ab2 Firmware
6Gk5205-3Bb00-2Tb2 Firmware
6Gk5205-3Bd00-2Tb2 Firmware
6Gk5205-3Bd00-2Ab2 Firmware
6Gk5205-3Bf00-2Tb2 Firmware
6Gk5205-3Bf00-2Ab2 Firmware
6Gk5208-0Ba00-2Tb2 Firmware
6Gk5208-0Ba00-2Ab2 Firmware
6Gk5213-3Bd00-2Tb2 Firmware
6Gk5213-3Bd00-2Ab2 Firmware
6Gk5213-3Bb00-2Tb2 Firmware
6Gk5213-3Bb00-2Ab2 Firmware
6Gk5213-3Bf00-2Tb2 Firmware
6Gk5213-3Bf00-2Ab2 Firmware
6Gk5216-0Ba00-2Tb2 Firmware
6Gk5216-0Ba00-2Ab2 Firmware
6Gk5206-2Bd00-2Ac2 Firmware
6Gk5206-2Bb00-2Ac2 Firmware
6Gk5206-2Rs00-2Ac2 Firmware
6Gk5206-2Rs00-5Ac2 Firmware
Affected Vendors
References (10)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
49 / 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
28/34 · Critical