Details of VAR-202212-1133

ID

VAR-202212-1133

CVE

CVE-2022-46140

TITLE

Vulnerabilities related to the use of cryptographic algorithms in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023551

DESCRIPTION

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb Multiple Siemens products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-46140 // JVNDB: JVNDB-2022-023551

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance xr552-12m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 ecc	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm416-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr328-4c wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w734-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w738-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance s615 eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance m874-2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ eu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2bca dna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w748-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w778-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m876-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w778-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance mum853-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m804pb	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2ia m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr526-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w721-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance mum856-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ nam	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m874-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 eec m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w761-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-3g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204 dna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance wum763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr324wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm408-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-2ia rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm408-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w722-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w1748-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m876-4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc626-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xc216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	scalance s615 eec	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m812-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-4	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte eu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte nam	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m816-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum856-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc626-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum853-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m826-2 shdsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m804pb	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-2	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // NVD: CVE-2022-46140

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-46140
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-46140
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-023551
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202212-3091
value:	MEDIUM
Trust: 0.6

productcert@siemens.com:	CVE-2022-46140
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-023551
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140 // NVD: CVE-2022-46140

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // NVD: CVE-2022-46140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

PATCH

title:

Siemens part of the product Fixes for encryption problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=218340

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46140	Trust: 3.2
db:	SIEMENS	id:	SSA-413565	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-349-04	Trust: 1.4
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023551	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3091	Trust: 0.6

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46140	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-04	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-46140/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04	Trust: 0.6

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

SOURCES

db:	JVNDB	id:	JVNDB-2022-023551
db:	CNNVD	id:	CNNVD-202212-3091
db:	NVD	id:	CVE-2022-46140

LAST UPDATE DATE

2024-08-14T12:05:03.547000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023551	date:	2023-11-29T03:03:00
db:	CNNVD	id:	CNNVD-202212-3091	date:	2022-12-20T00:00:00
db:	NVD	id:	CVE-2022-46140	date:	2023-03-14T10:15:23.297

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023551	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3091	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46140	date:	2022-12-13T16:15:25.007