CVE & CISA-KEV Catalog

CVE-2023-44374

MEDIUM
6.5
CVSS v3
NVD

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user, which could allow to escalate privileges.

How to fix

Remediation Available
6ag1206-2bb00-7ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6ag1206-2bs00-7ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6ag1208-0ba00-7ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6ag1216-4bs00-7ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5204-0ba00-2gf2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5204-0ba00-2yf2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5204-2aa00-2gf2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5204-2aa00-2yf2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5205-3bb00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5205-3bb00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5205-3bd00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5205-3bd00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5205-3bf00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2bb00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2bd00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2bs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2bs00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2gs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2gs00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2gs00-2tc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2rs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2rs00-5ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5206-2rs00-5fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ba00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ba00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ba00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ba00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ga00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ga00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ga00-2tc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ha00-2as6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ha00-2es6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ha00-2ts6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ra00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ra00-5ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5208-0ua00-5es6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bb00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bb00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bd00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bd00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bf00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5213-3bf00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ba00-2ab2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ba00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ba00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ba00-2tb2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ha00-2as6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ha00-2es6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ha00-2ts6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-0ua00-5es6 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-3rs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-3rs00-5ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-4bs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-4gs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-4gs00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5216-4gs00-2tc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5224-0ba00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5224-4gs00-2ac2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5224-4gs00-2fc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5224-4gs00-2tc2 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5324-0ba00-2ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5324-0ba00-3ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5326-2qs00-3ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5326-2qs00-3rr3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4fs00-2ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4fs00-2rr3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4fs00-3ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4fs00-3rr3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4ss00-2ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD
6gk5328-4ss00-3ar3 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2023-44374derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityHigh
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploit Intelligence

0.67%probability of exploitation in 30 days
47thpercentile

Moderate risk: more likely to be exploited than 47% of all known CVEs.

References

Embed a live status badge for CVE-2023-44374
CVE-2023-44374 severity badge

Markdown

[![CVE-2023-44374](https://tridentstack.com/cve/badge/CVE-2023-44374.svg)](https://tridentstack.com/cve/CVE-2023-44374)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-44374"><img src="https://tridentstack.com/cve/badge/CVE-2023-44374.svg" alt="CVE-2023-44374"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-14.