CVE-2023-44317
📋 TL;DR
This vulnerability affects multiple Siemens industrial networking devices where improper validation of uploaded X509 certificates could allow attackers with administrative privileges to execute arbitrary code. The flaw impacts various RUGGEDCOM, SCALANCE, and other Siemens router products running outdated firmware versions.
💻 Affected Systems
- RUGGEDCOM RM1224 LTE(4G) EU
- RUGGEDCOM RM1224 LTE(4G) NAM
- SCALANCE M804PB
- SCALANCE M812-1 ADSL-Router
- SCALANCE M816-1 ADSL-Router
- SCALANCE M826-2 SHDSL-Router
- SCALANCE M874-2
- SCALANCE M874-3
- SCALANCE M876-3
- SCALANCE M876-4
- SCALANCE MUM853-1
- SCALANCE MUM856-1
- SCALANCE S615 EEC LAN-Router
- SCALANCE S615 LAN-Router
- SCALANCE WAB762-1
- SCALANCE WAM763-1
- SCALANCE WAM766-1
- SCALANCE WUB762-1
- SCALANCE WUM763-1
- SCALANCE WUM766-1
📦 What is this software?
Scalance Xb205 3 \(sc\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb205 3 \(sc\, Pn\) Firmware →
Scalance Xb205 3 \(st\, E\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xb205 3 \(st\, E\/ip\) Firmware →
Scalance Xb205 3 \(st\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb205 3 \(st\, Pn\) Firmware →
Scalance Xb205 3ld \(sc\, E\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xb205 3ld \(sc\, E\/ip\) Firmware →
Scalance Xb205 3ld \(sc\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb205 3ld \(sc\, Pn\) Firmware →
Scalance Xb208 \(e\/ip\) Firmware by Siemens
Scalance Xb213 3 \(sc\, E\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3 \(sc\, E\/ip\) Firmware →
Scalance Xb213 3 \(sc\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3 \(sc\, Pn\) Firmware →
Scalance Xb213 3 \(st\, E\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3 \(st\, E\/ip\) Firmware →
Scalance Xb213 3 \(st\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3 \(st\, Pn\) Firmware →
Scalance Xb213 3ld \(sc\, E\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3ld \(sc\, E\/ip\) Firmware →
Scalance Xb213 3ld \(sc\, Pn\) Firmware by Siemens
View all CVEs affecting Scalance Xb213 3ld \(sc\, Pn\) Firmware →
Scalance Xb216 \(e\/ip\) Firmware by Siemens
Scalance Xc206 2 \(sc\) Firmware by Siemens
Scalance Xc206 2 \(st\/bfoc\) Firmware by Siemens
View all CVEs affecting Scalance Xc206 2 \(st\/bfoc\) Firmware →
Scalance Xc206 2g Poe \(54 V Dc\) Firmware by Siemens
View all CVEs affecting Scalance Xc206 2g Poe \(54 V Dc\) Firmware →
Scalance Xc206 2g Poe Eec \(54 V Dc\) Firmware by Siemens
View all CVEs affecting Scalance Xc206 2g Poe Eec \(54 V Dc\) Firmware →
Scalance Xc206 2sfp Eec Firmware by Siemens
Scalance Xc206 2sfp G \(eip Def.\) Firmware by Siemens
View all CVEs affecting Scalance Xc206 2sfp G \(eip Def.\) Firmware →
Scalance Xc206 2sfp G Eec Firmware by Siemens
View all CVEs affecting Scalance Xc206 2sfp G Eec Firmware →
Scalance Xc208g \(eip Def.\) Firmware by Siemens
View all CVEs affecting Scalance Xc208g \(eip Def.\) Firmware →
Scalance Xc208g Poe \(54 V Dc\) Firmware by Siemens
View all CVEs affecting Scalance Xc208g Poe \(54 V Dc\) Firmware →
Scalance Xc216 3g Poe \(54 V Dc\) Firmware by Siemens
View all CVEs affecting Scalance Xc216 3g Poe \(54 V Dc\) Firmware →
Scalance Xc216 4c G \(eip Def.\) Firmware by Siemens
View all CVEs affecting Scalance Xc216 4c G \(eip Def.\) Firmware →
Scalance Xc216 4c G Eec Firmware by Siemens
Scalance Xc224 4c G \(eip Def.\) Firmware by Siemens
View all CVEs affecting Scalance Xc224 4c G \(eip Def.\) Firmware →
Scalance Xc224 4c G Eec Firmware by Siemens
Scalance Xf204 2ba Dna Firmware by Siemens
Scalance Xp208 \(ethernet\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xp208 \(ethernet\/ip\) Firmware →
Scalance Xp216 \(ethernet\/ip\) Firmware by Siemens
View all CVEs affecting Scalance Xp216 \(ethernet\/ip\) Firmware →
Scalance Xr324wg \(24 X Fe\, Ac 230v\) Firmware by Siemens
View all CVEs affecting Scalance Xr324wg \(24 X Fe\, Ac 230v\) Firmware →
Scalance Xr324wg \(24 X Fe\, Dc 24v\) Firmware by Siemens
View all CVEs affecting Scalance Xr324wg \(24 X Fe\, Dc 24v\) Firmware →
Scalance Xr326 2c Poe Wg \(without Ul\) Firmware by Siemens
View all CVEs affecting Scalance Xr326 2c Poe Wg \(without Ul\) Firmware →
Scalance Xr326 2c Poe Wg Firmware by Siemens
Scalance Xr328 4c Wg \(24xfe\, 4xge\, 24v\) Firmware by Siemens
View all CVEs affecting Scalance Xr328 4c Wg \(24xfe\, 4xge\, 24v\) Firmware →
Scalance Xr328 4c Wg \(24xfe\, 4xge\,dc24v\) Firmware by Siemens
View all CVEs affecting Scalance Xr328 4c Wg \(24xfe\, 4xge\,dc24v\) Firmware →
Scalance Xr328 4c Wg \(24xfe\,4xge\,ac230v\) Firmware by Siemens
View all CVEs affecting Scalance Xr328 4c Wg \(24xfe\,4xge\,ac230v\) Firmware →
Scalance Xr328 4c Wg \(28xge\, Ac 230v\) Firmware by Siemens
View all CVEs affecting Scalance Xr328 4c Wg \(28xge\, Ac 230v\) Firmware →
Scalance Xr328 4c Wg \(28xge\, Dc 24v\) Firmware by Siemens
View all CVEs affecting Scalance Xr328 4c Wg \(28xge\, Dc 24v\) Firmware →
Siplus Net Scalance Xc206 2 Firmware by Siemens
View all CVEs affecting Siplus Net Scalance Xc206 2 Firmware →
Siplus Net Scalance Xc206 2sfp Firmware by Siemens
View all CVEs affecting Siplus Net Scalance Xc206 2sfp Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing remote code execution, potential lateral movement into industrial control networks, and disruption of critical infrastructure operations.
Likely Case
Privileged attackers gaining persistent access to network devices, enabling traffic interception, network manipulation, and further exploitation of connected systems.
If Mitigated
Limited impact due to proper network segmentation, strong administrative access controls, and certificate management policies preventing unauthorized certificate uploads.
🎯 Exploit Status
Exploitation requires administrative access to upload malicious certificates. No public exploits available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V7.2.2 for most products, V3.0.0 for W-series products
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-068047.html
Restart Required: Yes
Instructions:
1. Download firmware update from Siemens Industrial Security website. 2. Backup device configuration. 3. Apply firmware update via web interface or console. 4. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Restrict administrative access
allLimit administrative access to trusted networks and implement strong authentication for administrative interfaces.
Implement certificate management controls
allEstablish strict policies for certificate uploads and validation, including certificate pinning and revocation checking.
🧯 If You Can't Patch
- Segment affected devices in isolated network zones with strict firewall rules
- Implement network monitoring for certificate upload attempts and unusual administrative activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or CLI. Compare against affected version ranges.Check Version:
show version (CLI) or check System Information in web interfaceVerify Fix Applied:
Confirm firmware version is V7.2.2 or higher (V3.0.0 or higher for W-series) and test certificate upload functionality.📡 Detection & Monitoring
Log Indicators:
- Failed certificate validation attempts
- Unusual administrative certificate uploads
- System process execution anomalies
Network Indicators:
- Unexpected administrative connections to device management interfaces
- Certificate upload traffic to affected devices
SIEM Query:
source_ip IN (admin_networks) AND dest_port IN (80,443,22) AND action='certificate_upload' AND device_type IN (affected_models)🔗 References
- https://cert-portal.siemens.com/productcert/html/ssa-068047.html
- https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
- https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-068047.html
- https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- https://cert-portal.siemens.com/productcert/html/ssa-690517.html
- https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
