CVE-2023-52238
MEDIUMRUGGEDCOM RST2228 <5.9.0, RUGGEDCOM RST2228P <5.9.0 - Info Disclosure
Title source: llmDescription
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Scores
CVSS v3
4.3
EPSS
0.0008
EPSS Percentile
23.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
Siemens/RUGGEDCOM RST2228
< V5.9.0
Siemens/RUGGEDCOM RST2228P
< V5.9.0
Published
Jul 09, 2024
Tracked Since
Feb 18, 2026