VDB
ICSA-23-257-04
ICSA-23-257-04
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Insyde has published information on vulnerabilities in Insyde BIOS up to August 2023. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens has released updates for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0) | ||
| RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0) | ||
| RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) | ||
| RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) | ||
| RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1) | ||
| RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1) | ||
| RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0) | ||
| RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1) | ||
| RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0) | ||
| RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1) | ||
| RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) | ||
| RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1) | ||
| RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1) | ||
| RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0) | ||
| RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1) | ||
| RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0) | ||
| RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1) | ||
| RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0) | ||
| RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1) | ||
| RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0) |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/csaf/ssa-957369.json (circl)
- https://cert-portal.siemens.com/productcert/html/ssa-957369.html (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-957369.pdf (circl)
- https://cert-portal.siemens.com/productcert/txt/ssa-957369.txt (circl)
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-257-04.json (circl)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-04 (circl)
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 (circl)
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (circl)
- https://www.cisa.gov/topics/industrial-control-systems (circl)
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf (circl)
…and 3 more exploits
Timeline
- Sep 12, 2023 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-957369.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-957369.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-957369.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-957369.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-257-04.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-04 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/in/en/view/109814796 fix