ID

VAR-202212-1134


CVE

CVE-2022-46142


TITLE

Recoverable password storage vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023552

DESCRIPTION

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb Multiple Siemens products, including firmware, contain vulnerabilities related to storing passwords in a recoverable format.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-46142 // JVNDB: JVNDB-2022-023552

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr552-12mscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance wam766-1 eccscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xm416-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr326-2c poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc642-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr328-4c wgscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w734-1 rj45scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc206-2scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc632-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:scalance w788-1 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208poe eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w738-1 m12scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr524-8cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance s615 eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance m874-2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc646-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ euscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf204-2bca dnascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc224scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w786-1 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w748-1 m12scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w786-2 sfpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc206-2sfpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance wum766-1 6ghzscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m826-2 shdsl-routerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w778-1 m12 eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr528-6mscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m876-3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr326-2cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w778-1 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w788-2 m12 eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb213-3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance wum766-1scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc636-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:scalance w788-2 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance mum853-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siplus net scalance xc216-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp g eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m804pbscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w774-1 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w1788-2ia m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr526-8cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poe eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w721-1 rj45scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance mum856-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ namscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb205-3ldscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb216scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf204-2bascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w1788-2 eec m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb205-3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w786-2 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc622-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:scalance w761-1 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216-3g poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204 dnascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance s615scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance wum763-1scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr324wgscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance wam763-1scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xm408-8cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp gscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w774-1 m12 eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance wam766-1 6ghzscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w786-2ia rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m812-1 adsl-routerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance wam766-1scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w774-1 m12 rj45scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb213-3ldscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc206-2scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xm408-4cscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m816-1 adsl-routerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w788-1 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp208eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w1788-2 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w722-1 rj45scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w1748-1 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208 poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance w1788-1 m12scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc216scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc626-2cscope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:scalance xc216eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xc208 eecscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf204scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xp216poe eecscope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:scalance s615 eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m812-1 adsl-routerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m876-4scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance s615scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte euscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-622-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-636-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte namscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m816-1 adsl-routerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance mum856-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m876-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc626-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m874-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-642-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance mum853-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m826-2 shdsl-routerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m804pbscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-646-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-632-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m874-2scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // NVD: CVE-2022-46142

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-46142
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-46142
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-023552
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-3090
value: MEDIUM

Trust: 0.6

productcert@siemens.com: CVE-2022-46142
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 4.7
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-46142
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-023552
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142 // NVD: CVE-2022-46142

PROBLEMTYPE DATA

problemtype:CWE-257

Trust: 1.0

problemtype:CWE-522

Trust: 1.0

problemtype:Password storage in recoverable form (CWE-257) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // NVD: CVE-2022-46142

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

PATCH

title:Siemens part of the product Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=218339

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

EXTERNAL IDS

db:NVDid:CVE-2022-46142

Trust: 3.2

db:SIEMENSid:SSA-413565

Trust: 2.4

db:ICS CERTid:ICSA-22-349-04

Trust: 1.4

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNDBid:JVNDB-2022-023552

Trust: 0.8

db:CNNVDid:CNNVD-202212-3090

Trust: 0.6

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-46142

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-04

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-46142/

Trust: 0.6

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

SOURCES

db:JVNDBid:JVNDB-2022-023552
db:CNNVDid:CNNVD-202212-3090
db:NVDid:CVE-2022-46142

LAST UPDATE DATE

2024-08-14T12:13:17.100000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-023552date:2023-11-29T03:03:00
db:CNNVDid:CNNVD-202212-3090date:2023-03-15T00:00:00
db:NVDid:CVE-2022-46142date:2023-03-14T10:15:24.137

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-023552date:2023-11-29T00:00:00
db:CNNVDid:CNNVD-202212-3090date:2022-12-13T00:00:00
db:NVDid:CVE-2022-46142date:2022-12-13T16:15:25.067