CVE-2023-44321
LOWSiemens 6GK5205 and 6GK5213 Firmware < 4.5 - Authenticated Denial of Service via Web Interface Configuration
Title source: llmDescription
Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.
References (7)
Core 7
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-087301.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-353002.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-602936.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-699386.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
Scores
CVSS v3
2.7
EPSS
0.0010
EPSS Percentile
26.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (50)
siemens/6ag1206-2bb00-7ac2_firmware
< 4.5
siemens/6ag1206-2bs00-7ac2_firmware
< 4.5
siemens/6ag1208-0ba00-7ac2_firmware
< 4.5
siemens/6ag1216-4bs00-7ac2_firmware
< 4.5
siemens/6gk5204-0ba00-2gf2_firmware
< 4.5
siemens/6gk5204-0ba00-2yf2_firmware
< 4.5
siemens/6gk5204-2aa00-2gf2_firmware
< 4.5
siemens/6gk5204-2aa00-2yf2_firmware
< 4.5
siemens/6gk5205-3bb00-2ab2_firmware
< 4.5
siemens/6gk5205-3bb00-2tb2_firmware
< 4.5
... and 40 more
Published
Nov 14, 2023
Tracked Since
Feb 18, 2026