PatchSiren cyber security CVE debrief
CVE-2023-52237 Siemens CVE debrief
A HIGH severity vulnerability (CVSS 7.5) in Siemens RUGGEDCOM industrial network devices allows low-privileged users to access password hashes and salts for all system users, including administrators. Published July 9, 2024, and last modified August 12, 2025, this information disclosure flaw enables offline brute-force attacks against administrative credentials. The vulnerability affects 80 RUGGEDCOM product variants spanning i800, i801, i802, i803, M969, M2100, M2200, RMC30, RMC8388, RP110, RS400, RS401, RS416, RS900, RS910, RS920, RS930, RS940, RS969, and RS1600 series devices. Siemens has released firmware updates for most affected products, though some models have no planned fix.
- Vendor: Siemens
- Product: RUGGEDCOM i800
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2025-08-12
- Advisory published: 2024-07-09
- Advisory updated: 2025-08-12
Who should care
Organizations operating Siemens RUGGEDCOM industrial Ethernet switches and routers in critical infrastructure, manufacturing, transportation, and utility environments. Security teams responsible for OT/ICS network segmentation and privileged access management. Incident responders investigating potential credential compromise in industrial control system environments.
Technical summary
The web server in affected Siemens RUGGEDCOM devices fails to properly enforce access controls on password hash and salt information. A low-privileged authenticated user can retrieve cryptographic hashes and salts for all system user accounts, including administrative accounts. This information disclosure enables offline password cracking attacks against privileged credentials. The vulnerability is network-accessible with low attack complexity once authenticated, though the attack requires a valid low-privilege account. The extensive product scope—80 distinct RUGGEDCOM variants—reflects the broad deployment of this industrial networking platform in critical infrastructure environments. Siemens has provided firmware remediation paths for most products, with version-specific upgrade requirements (4.3.10+ for V4.x, 5.9.0+ for V5.x), while designating some legacy products as having no planned fix.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor firmware updates: Update V4.x devices to version 4.3.10 or later, and V5.x devices to version 5.9.0 or later per Siemens guidance
- Disable the web server on affected systems if not operationally required
- Restrict network access to TCP ports 80 and 443 to trusted IP addresses only
- Audit administrative accounts for unauthorized access or password changes
- Monitor for anomalous authentication attempts following exposure of credential hashes
- For products with no fix planned, implement compensating controls including network segmentation and enhanced monitoring
- Review and rotate administrative credentials if compromise is suspected
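The firmware thresholds in the first action can be checked across a device inventory. This is an added example, not code from Siemens or from the advisory; the inventory records, hostnames and the `no_fix_planned` and `web_server_enabled` fields are hypothetical and constructed for illustration.

```python
import re

# Fixed-version thresholds as stated on this page, keyed by firmware major branch.
FIXED = {4: (4, 3, 10), 5: (5, 9, 0)}

def parse_version(text):
    """Parse 'V4.3.8', 'v5.9.0' or '4.3.10' into an integer tuple.

    Tuples compare numerically, so 4.3.10 sorts after 4.3.8
    (a plain string comparison would get this wrong).
    """
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(device):
    """Return (status, action) for one inventory record."""
    # no_fix_planned is set by the operator from the vendor advisory (assumed field).
    if device.get("no_fix_planned"):
        return "NO_FIX", "segment network, restrict TCP 80/443, enhance monitoring"
    try:
        ver = parse_version(device["firmware"])
    except ValueError:
        return "UNKNOWN", "verify firmware version manually"
    fixed = FIXED.get(ver[0])
    if fixed is None:
        return "UNKNOWN", "branch not covered here; check the Siemens advisory"
    if ver >= fixed:
        return "PATCHED", "none"
    action = "update to " + ".".join(map(str, fixed)) + " or later"
    if device.get("web_server_enabled", True):
        action += "; until then disable web server or restrict TCP 80/443"
    return "VULNERABLE", action

# Constructed sample inventory; hostnames, versions and flags are illustrative only.
INVENTORY = [
    {"host": "sub1-sw01", "firmware": "V4.3.8"},
    {"host": "sub1-sw02", "firmware": "v4.3.10"},
    {"host": "plant-sw07", "firmware": "5.8.1", "web_server_enabled": False},
    {"host": "yard-sw03", "firmware": "4.3.2", "no_fix_planned": True},
    {"host": "lab-sw09", "firmware": "unknown"},
]

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:12} {status:10} {action}")
```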
Evidence notes
CVE published 2024-07-09; advisory modified 2025-08-12 to add RUGGEDCOM RSG2100P (32M) and RUGGEDCOM RSG2100PNC (32M) for V4.x and V5.x. CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.
Official resources
- CVE-2023-52237 CVE record (CVE.org)
- CVE-2023-52237 NVD detail (NVD)
- Source item URL (cisa_csaf)