PatchSiren

CVE-2023-44321 Siemens CVE debrief

A low-severity denial-of-service vulnerability in Siemens SCALANCE and RUGGEDCOM industrial routers allows an authenticated attacker to crash the web management interface by submitting oversized input while performing certain configuration changes. Affected devices do not properly validate the length of that input. Once crashed, the web interface stays unavailable until the device is manually restarted; the advisory describes no impact beyond this loss of web-based management.

Vendor
Siemens
Product
RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
CVSS
LOW 2.7
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-13
Original CVE updated
2024-02-13
Advisory published
2024-02-13
Advisory updated
2024-02-13

Who should care

Industrial network administrators, OT security teams, and organizations operating Siemens SCALANCE M-800/MUM800/S615 or RUGGEDCOM RM1224 routers in manufacturing, energy, transportation, or critical infrastructure environments.

Technical summary

The vulnerability exists in the web management interface of the affected Siemens industrial routers. When processing certain configuration changes, the interface fails to validate the length of submitted input, so an authenticated attacker can send oversized data that crashes the web server process. Web-based management is then lost until the device is restarted, whether on site or through another management path; the advisory does not describe other device functions as affected. The attack requires network access to the web interface and valid administrative credentials, which is why the CVSS score is so low. No code execution or persistent compromise is described; the impact is limited to temporary loss of management interface availability.

Defensive priority

Low

Recommended defensive actions

  • Upgrade affected Siemens SCALANCE and RUGGEDCOM devices to firmware version 8.1 or later
  • Restrict web interface access to trusted administrative hosts only (management VLAN or firewall allow-list); because exploitation needs valid credentials, also review who holds administrative accounts on these devices
  • Monitor for unexpected device restarts or for the web interface becoming unavailable while the device otherwise remains reachable, since this crash does not clear on its own
  • Apply defense-in-depth practices for industrial control systems per CISA guidance
  • Where a proxy or custom tooling sits in front of the device web interface, enforce input length limits there as a compensating control until the firmware is updated
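The monitoring and access-restriction items above are easier to act on with a concrete check. The following is an added example written for this debrief, not code from the page or from Siemens: it probes a router's web management interface and a second TCP service on the same device, then classifies the recent probe history so that the failure mode described for CVE-2023-44321 (web UI dead, device otherwise up, manual restart required) is alerted on separately from a full device outage or a single dropped probe. The host name, ports, sample history and the label names are assumptions made for the example.

```python
"""Added example for the CVE-2023-44321 debrief (not PatchSiren or Siemens code).

Probes a router's web UI and one other TCP service, then classifies the recent
history. Host names, ports and the sample history below are constructed.
"""
import http.client
import socket
import ssl
from dataclasses import dataclass


@dataclass
class Sample:
    web_ok: bool    # web management interface completed an HTTP exchange
    other_ok: bool  # another TCP service on the device (e.g. SSH) accepted a connection


def probe_web_ui(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Return True if the web UI answers an HTTP request with any status below 500.

    TLS verification is disabled because device certificates are often
    self-signed; pin the device certificate instead in a real deployment.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status < 500
    except (OSError, http.client.HTTPException):
        # refused, timed out, reset or a broken response all count as "down"
        return False
    finally:
        conn.close()


def probe_tcp(host: str, port: int = 22, timeout: float = 5.0) -> bool:
    """Return True if a TCP handshake to host:port succeeds (device is reachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def take_sample(host: str) -> Sample:
    """One monitoring cycle against a live device (assumed host name)."""
    return Sample(web_ok=probe_web_ui(host), other_ok=probe_tcp(host))


def classify(history: list[Sample], consecutive: int = 3) -> str:
    """Classify the most recent `consecutive` samples.

    WEB_UI_DOWN_DEVICE_UP: the web UI failed every recent probe while the other
        service kept answering. This matches the CVE-2023-44321 pattern; the
        interface stays down until the device is restarted, so this needs a
        ticket, not a retry.
    DEVICE_UNREACHABLE: both probes failed each time; network or power problem.
    DEGRADED: web UI down and the other service flapping.
    OK: fewer than `consecutive` web failures in a row (tolerates a dropped probe).
    """
    recent = history[-consecutive:]
    if len(recent) < consecutive:
        return "OK"
    if all(not s.web_ok for s in recent):
        if all(s.other_ok for s in recent):
            return "WEB_UI_DOWN_DEVICE_UP"
        if all(not s.other_ok for s in recent):
            return "DEVICE_UNREACHABLE"
        return "DEGRADED"
    return "OK"


# Constructed history (no live device): three healthy cycles, then the web UI
# stops answering while SSH keeps accepting connections.
SAMPLE_HISTORY = [
    Sample(True, True), Sample(True, True), Sample(True, True),
    Sample(False, True), Sample(False, True), Sample(False, True),
]

if __name__ == "__main__":
    print(classify(SAMPLE_HISTORY))  # WEB_UI_DOWN_DEVICE_UP
```

Run `take_sample()` on a schedule from a host on the management network, append each result to the history, and page on the first transition to WEB_UI_DOWN_DEVICE_UP; the distinction from DEVICE_UNREACHABLE matters because the former will not recover without someone restarting the router.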

Evidence notes

CISA published advisory ICSA-24-228-01 on 2024-08-13, covering CVE-2023-44321. The vulnerability affects 24 Siemens industrial router products across the SCALANCE M-800, MUM800, and S615 families, plus the RUGGEDCOM RM1224. Siemens released firmware version 8.1 to address the issue. The CVSS 3.1 score of 2.7 (Low) reflects the need for privileged, authenticated access and the limited, availability-only impact.

Official resources

CISA advisory ICSA-24-228-01 (published 2024-08-13)