ID

VAR-202212-1133


CVE

CVE-2022-46140


TITLE

Vulnerabilities related to the use of cryptographic algorithms in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023551

DESCRIPTION

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. Multiple Siemens products, including ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware and scalance m804pb, contain vulnerabilities related to the use of cryptographic algorithms. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2022-46140 // JVNDB: JVNDB-2022-023551

AFFECTED PRODUCTS

vendor: siemens, model: scalance xr552-12m, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance wam766-1 ecc, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xm416-4c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xr326-2c poe, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc642-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: scalance xc224-4c g eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xr328-4c wg, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w734-1 rj45, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net scalance xc206-2, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc632-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: scalance w788-1 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: siplus net scalance xc208, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp208poe eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w738-1 m12, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xr524-8c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance s615 eec, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance m874-2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xc206-2sfp eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc646-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: ruggedcom rm1224 lte\ eu, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xf204-2bca dna, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc224, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xb208, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc206-2g poe, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc224-4c g, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w786-1 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w748-1 m12, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance w786-2 sfp, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc216-4c g eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: siplus net scalance xc206-2sfp, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance wum766-1 6ghz, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp208, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m826-2 shdsl-router, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance w778-1 m12 eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xr528-6m, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m876-3, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xr326-2c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w778-1 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w788-2 m12 eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xb213-3, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance wum766-1, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp216eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc636-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: scalance w788-2 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance mum853-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net scalance xc216-4c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc216-4c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc206-2sfp g eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m804pb, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance w774-1 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w1788-2ia m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xr526-8c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc206-2g poe eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc216-4c g, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w721-1 rj45, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance mum856-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: ruggedcom rm1224 lte\ nam, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xb205-3ld, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xb216, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m874-3, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xf204-2ba, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w1788-2 eec m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xb205-3, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w786-2 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc622-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: scalance w761-1 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc216-3g poe, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xf204 dna, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance s615, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance wum763-1, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xr324wg, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance wam763-1, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xm408-8c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc206-2sfp g, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w774-1 m12 eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance wam766-1 6ghz, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w786-2ia rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m812-1 adsl-router, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance wam766-1, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w774-1 m12 rj45, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xb213-3ld, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc206-2, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xm408-4c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m816-1 adsl-router, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance w788-1 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp208eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w1788-2 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w722-1 rj45, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance w1748-1 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc208 poe, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance m876-4, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance xc206-2sfp, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance w1788-1 m12, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc208, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc216, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance sc626-2c, scope: lt, version: 2.3

Trust: 1.0

vendor: siemens, model: scalance xc216eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xc208 eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp216, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xf204, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance xp216poe eec, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: scalance s615 eec, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m812-1 adsl-router, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m876-4, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance s615, scope: -, version: -

Trust: 0.8

vendor: siemens, model: ruggedcom rm1224 lte eu, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-622-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-636-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: ruggedcom rm1224 lte nam, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m816-1 adsl-router, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance mum856-1, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m876-3, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc626-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m874-3, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-642-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance mum853-1, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m826-2 shdsl-router, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m804pb, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-646-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-632-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance m874-2, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // NVD: CVE-2022-46140

CVSS

SEVERITY

productcert@siemens.com: CVE-2022-46140
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-46140
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-023551
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-3091
value: MEDIUM

Trust: 0.6

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-46140
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-023551
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140 // NVD: CVE-2022-46140

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype: Use of a Broken or Risky Cryptographic Algorithm (CWE-327) [other]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023551 // NVD: CVE-2022-46140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

PATCH

title: Fixes for the encryption problem vulnerability in some Siemens products, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=218340

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

EXTERNAL IDS

db: NVD, id: CVE-2022-46140

Trust: 3.2

db: SIEMENS, id: SSA-413565

Trust: 2.4

db: ICS CERT, id: ICSA-22-349-04

Trust: 1.4

db: JVN, id: JVNVU91561630

Trust: 0.8

db: JVNDB, id: JVNDB-2022-023551

Trust: 0.8

db: CNNVD, id: CNNVD-202212-3091

Trust: 0.6

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-46140

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-04

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-46140/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04

Trust: 0.6

sources: JVNDB: JVNDB-2022-023551 // CNNVD: CNNVD-202212-3091 // NVD: CVE-2022-46140

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3091

SOURCES

db: JVNDB, id: JVNDB-2022-023551
db: CNNVD, id: CNNVD-202212-3091
db: NVD, id: CVE-2022-46140

LAST UPDATE DATE

2024-08-14T12:05:03.547000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-023551, date: 2023-11-29T03:03:00
db: CNNVD, id: CNNVD-202212-3091, date: 2022-12-20T00:00:00
db: NVD, id: CVE-2022-46140, date: 2023-03-14T10:15:23.297

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-023551, date: 2023-11-29T00:00:00
db: CNNVD, id: CNNVD-202212-3091, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-46140, date: 2022-12-13T16:15:25.007