Full Report
Siemens has released new versions for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Injection Vulnerability in Siemens SCALANCE W700 802.11 AX Family
## CVE Details
- CVE ID: CVE-2023-44373
- CVSS Score: 9.1 (Critical) (v3.1) / 9.4 (Critical) (v4.0)
- CWE: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
## Affected Systems
- Products: SCALANCE W-700 IEEE 802.11ax family, including SCALANCE WAB762-1, WAM763-1 (and variants), WAM766-1 (and variants), and WUB762-1.
- Versions: All versions prior to V2.4.0.
- Configurations: Requires authenticated access with administrative privileges.
## Vulnerability Description
The vulnerability stems from affected devices not properly sanitizing an input field (Injection flaw, tracking follow-up to CVE-2022-36323). This flaw allows an authenticated remote attacker with administrative privileges to inject code or potentially spawn a system root shell on the affected device.
**CVSS 3.1 Vector:** `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C`
## Exploitation
- Status: Exploitation Status is implied via CVSS Environmental Score E:P (Proof-of-Concept/Exploit code is likely available, or the vulnerability is known to be exploitable).
- Complexity: Low (AC:L - Attack Complexity Low)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: High (C:H)
- Integrity: High (I:H)
- Availability: High (A:H)
## Remediation
### Patches
- Update to **V2.4.0 or later version** for all affected SCALANCE W-700 products.
### Workarounds
- The advisory recommends updating to the latest version. No specific temporary workarounds were detailed in the provided text, but access restriction strategies should be considered if immediate patching is impossible.
## Detection
- Detection methods are not explicitly detailed in the summarized text.
- **Indicators of Compromise (IOCs):** Unauthorized code execution or persistent shell access originating from an administrative network session should be investigated.
## References
- Vendor Advisory: SSA-721642
- Siemens Support Link for Patch: https://support.industry.siemens.com/cs/ww/en/view/109974327/
- Siemens Industrial Security Information: https://www.siemens.com/industrialsecurity