ICSA-23-075-01
PUBLISHED
CVSS 7.5 HIGH
Multiple third-party component vulnerabilities were reported for the BusyBox applet, the Linux Kernel, OpenSSL, OpenVPN and various other components used by the RUGGEDCOM and SCALANCE products. The vulnerabilities range from improper neutralization of special elements to improper handling of commands under certain circumstances, which could lead to code injection and denial of service. Siemens has released updates for the affected products and recommends updating to the latest versions.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) | |
| | SCALANCE M876-4 (6GK5876-4AA10-2BA2) | |
| | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) | |
| | SCALANCE M874-3 (6GK5874-3AA00-2AA2) | |
| | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) | |
| | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) | |
| | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) | |
| | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) | |
| | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) | |
| | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) | |
| | SCALANCE M804PB (6GK5804-0AP00-2AA2) | |
| | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) | |
| | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) | |
| | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) | |
| | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) | |
| | SCALANCE S615 (6GK5615-0AA00-2AA2) | |
| | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) | |
| | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) | |
| | SCALANCE M874-2 (6GK5874-2AA00-2AA2) | |
| | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) | |
Timeline
- Mar 14, 2023 CVE Published
- Dec 8, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Jul 14, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Oct 31, 2024 PoC Published
- Dec 27, 2024 PoC Published
- Feb 12, 2025 PoC Published
- Feb 13, 2025 PoC Published
- Mar 28, 2025 PoC Published
- Sep 19, 2025 PoC Published
- Sep 26, 2025 PoC Published
References
- https://support.industry.siemens.com/cs/document/109817007/ fix
- https://cert-portal.siemens.com/productcert/csaf/ssa-419740.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-419740.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-419740.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-075-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url