Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-36748

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-11 Jul, 2023 | 09:07
Updated At-27 Nov, 2024 | 14:16
Rejected At-
Credits

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:11 Jul, 2023 | 09:07
Updated At:27 Nov, 2024 | 14:16
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.

Affected Products
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX MX5000
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX MX5000RE
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1400
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1500
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1501
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1510
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1511
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1512
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1524
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1536
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX5000
Default Status
unknown
Versions
Affected
  • All versions < V2.16.0
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326: Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-326
Description: CWE-326: Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:11 Jul, 2023 | 10:15
Updated At:18 Jul, 2023 | 16:40

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
CPE Matches
Siemens AG
siemens
>>ruggedcom_rox_mx5000_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_mx5000>>-
cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_mx5000re_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_mx5000re>>-
cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1400_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1400>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1500_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1500>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1501_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1501>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1510>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1510_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1511>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1511_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1512_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1512>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1524_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1524>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1536>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx1536_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx5000>>-
cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_rox_rx5000_firmware>>Versions before 2.16.0(exclusive)
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-326Primarynvd@nist.gov
CWE-326Secondaryproductcert@siemens.com
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-326
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfproductcert@siemens.com
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

13Records found
CVE-2019-6110
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-57.57% / 98.19%
||
7 Day CHG~0.00%
Published-31 Jan, 2019 | 00:00
Updated-18 Dec, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Action-Not Available
Vendor-winscpn/aOpenBSDSiemens AGNetApp, Inc.
Product-opensshwinscpstorage_automation_storescalance_x204rna_eec_firmwareontap_select_deployscalance_x204rna_eecscalance_x204rnaelement_softwarescalance_x204rna_firmwaren/a
CWE ID-CWE-838
Inappropriate Encoding for Output Context
CVE-2019-6109
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.74% / 93.04%
||
7 Day CHG~0.00%
Published-31 Jan, 2019 | 00:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

Action-Not Available
Vendor-winscpn/aDebian GNU/LinuxFedora ProjectSiemens AGNetApp, Inc.Canonical Ltd.Red Hat, Inc.OpenBSDFujitsu Limited
Product-ubuntu_linuxscalance_x204rna_eecm12-1m10-4s_firmwarescalance_x204rna_firmwareenterprise_linux_server_auswinscpenterprise_linuxm10-4_firmwarem10-4m10-4sm12-1_firmwareelement_softwarem12-2sdebian_linuxontap_select_deployscalance_x204rna_eec_firmwarefedoraopensshstorage_automation_storeenterprise_linux_eusscalance_x204rnam10-1_firmwarem10-1m12-2s_firmwareenterprise_linux_server_tusm12-2_firmwarem12-2n/a
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2025-26465
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-61.74% / 98.36%
||
7 Day CHG+0.52%
Published-18 Feb, 2025 | 18:27
Updated-12 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Action-Not Available
Vendor-OpenBSDSiemens AGRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-active_iq_unified_managerdebian_linuxontapopenshift_container_platformopensshenterprise_linuxRed Hat Enterprise Linux 10Red Hat Discovery 1.14Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-390
Detection of Error Condition Without Action
CVE-2011-3389
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.83% / 88.30%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Action-Not Available
Vendor-n/aCanonical Ltd.CURLGoogle LLCSiemens AGOperaRed Hat, Inc.Mozilla CorporationMicrosoft CorporationDebian GNU/Linux
Product-simatic_rf68xr_firmwaredebian_linuxubuntu_linuxopera_browserenterprise_linux_desktopsimatic_rf68xrenterprise_linux_server_auschromeinternet_explorerfirefoxenterprise_linux_serverenterprise_linux_workstationsimatic_rf615r_firmwarecurlwindowsenterprise_linux_eussimatic_rf615rn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-37209
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 00:00
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rs969ruggedcom_rs910ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rs930lruggedcom_rsg907rruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900wruggedcom_i801ruggedcom_rosruggedcom_m2100ruggedcom_rmcruggedcom_i800ruggedcom_rst2228ruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rs900ruggedcom_rs401ruggedcom_rs8000truggedcom_rsg909rruggedcom_rp110ruggedcom_rs910lruggedcom_i802ruggedcom_m969ruggedcom_rs910wruggedcom_rsg2100pruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900gpruggedcom_rs900lruggedcom_rmc40ruggedcom_rsl910ruggedcom_rmc41ruggedcom_rsg920pruggedcom_rs920wruggedcom_rs416v2ruggedcom_rs8000aruggedcom_rsg2300ruggedcom_rst916cruggedcom_m2200ruggedcom_rs400ruggedcom_rst2228pruggedcom_rmc20ruggedcom_rs8000hruggedcom_rsg908cruggedcom_i803ruggedcom_rsg2488ruggedcom_rs900gruggedcom_rsg2288ruggedcom_rs920lruggedcom_rs940gruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RSG920P V4.XRUGGEDCOM RS930WRUGGEDCOM RS910LRUGGEDCOM RS416v2 V5.XRUGGEDCOM RSG2300P V4.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM RS920WRUGGEDCOM RS940GRUGGEDCOM M2200RUGGEDCOM RS910RUGGEDCOM RS900RUGGEDCOM RSG908CRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100RUGGEDCOM RS8000HRUGGEDCOM RS400RUGGEDCOM RS8000TRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS900GRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS8000ARUGGEDCOM RS900WRUGGEDCOM i803RUGGEDCOM RMC8388 V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS969RUGGEDCOM RSG2200RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM RSG2100PRUGGEDCOM i800RUGGEDCOM RS416PRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RSL910RUGGEDCOM RSG907RRUGGEDCOM RS930LRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RMC30RUGGEDCOM M2100RUGGEDCOM RS1600TRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS900M-GETS-C01RUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RS416v2 V4.X
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-54089
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.03% / 9.74%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:29
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

Action-Not Available
Vendor-Siemens AG
Product-APOGEE PXC Series (P2 Ethernet)APOGEE PXC Series (BACnet)TALON TC Series (BACnet)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2014-0224
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-89.69% / 99.58%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Action-Not Available
Vendor-filezilla-projectn/aMariaDB FoundationopenSUSESiemens AGOpenSSLRed Hat, Inc.Node.js (OpenJS Foundation)Python Software FoundationFedora Project
Product-s7-1500_firmwareroxmariadbjboss_enterprise_web_platformstorageapplication_processing_engine_firmwarecp1543-1rox_firmwarefedorapythons7-1500cp1543-1_firmwareenterprise_linuxapplication_processing_enginenode.jsfilezilla_serverjboss_enterprise_web_serveropenssljboss_enterprise_application_platformopensusen/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-41681
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6||MEDIUM
EPSS-0.20% / 41.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 07:54
Updated-14 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device.

Action-Not Available
Vendor-Siemens AG
Product-location_intelligenceLocation Intelligence family
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-38867
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.10% / 27.99%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 12:05
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD84 (CP200)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA84 (CP200)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SA87 (CP200)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-19299
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.46% / 64.35%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

Action-Not Available
Vendor-Siemens AG
Product-sinvr\/sivms_video_serverSiNVR/SiVMS Video Server
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-4839
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.67%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_compact_7sj80en100_ethernet_module_profinet_io_firmwareen100_ethernet_module_dnp3_firmwaresiprotec_4_7sj66siprotec_compact_7sj80_firmwaresiprotec_compact_7sk80en100_ethernet_module_iec_104_firmwaresiprotec_4_7sj66_firmwareen100_ethernet_module_iec_104en100_ethernet_module_profinet_ioen100_ethernet_module_iec_61850_firmwaresiprotec_compact_7sk80_firmwaredigsi_4en100_ethernet_module_modbus_tcpen100_ethernet_module_modbus_tcp_firmwareen100_ethernet_module_dnp3en100_ethernet_module_iec_61850SIPROTEC 4 7SJ66EN100 Ethernet module IEC 104 variantEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 variantSIPROTEC 4 7SJ64DIGSI 4SIPROTEC 4 7SJ62SIPROTEC Compact 7SK80SIPROTEC Compact 7SJ80Other SIPROTEC 4 relaysOther SIPROTEC Compact relaysEN100 Ethernet module Modbus TCP variantSIPROTEC 4 7SD80SIPROTEC 4 7SJ61EN100 Ethernet module IEC 61850 variant
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-29054
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-07 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf201-3p_irtscalance_x201-3p_irtscalance_xf204-2ba_irtscalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_xf202-2p_irt_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_xf201-3p_irt_firmwaresiplus_net_scalance_x202-2p_irt_firmwarescalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwaresiplus_net_scalance_x202-2p_irtscalance_x202-2p_irt_firmwareSCALANCE X202-2P IRT PROSCALANCE XF202-2P IRTSIPLUS NET SCALANCE X202-2P IRTSCALANCE X200-4P IRTSCALANCE X204IRTSCALANCE X204IRT PROSCALANCE X201-3P IRTSCALANCE XF201-3P IRTSCALANCE XF204IRTSCALANCE X202-2P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2IRTSCALANCE X201-3P IRT PRO
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-35332
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Protocol Security Feature Bypass

Windows Remote Desktop Protocol Security Feature Bypass

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-326
Inadequate Encryption Strength
Details not found