Details of VAR-202212-1134

ID

VAR-202212-1134

CVE

CVE-2022-46142

TITLE

Recoverable password storage vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023552

DESCRIPTION

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb Multiple Siemens products, including firmware, contain vulnerabilities related to storing passwords in a recoverable format.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-46142 // JVNDB: JVNDB-2022-023552

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance xr552-12m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 ecc	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm416-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr328-4c wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w734-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w738-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance s615 eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance m874-2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ eu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2bca dna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w748-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w778-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m876-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w778-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance mum853-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m804pb	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2ia m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr526-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w721-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance mum856-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ nam	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m874-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 eec m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w761-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-3g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204 dna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance wum763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr324wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm408-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-2ia rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm408-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w722-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w1748-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m876-4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc626-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xc216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	scalance s615 eec	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m812-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-4	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte eu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte nam	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m816-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum856-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc626-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum853-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m826-2 shdsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m804pb	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-2	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // NVD: CVE-2022-46142

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-46142
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-46142
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-023552
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202212-3090
value:	MEDIUM
Trust: 0.6

productcert@siemens.com:	CVE-2022-46142
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.9
impactScore:	4.7
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-46142
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-023552
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142 // NVD: CVE-2022-46142

PROBLEMTYPE DATA

problemtype:	CWE-257	Trust: 1.0
problemtype:	CWE-522	Trust: 1.0
problemtype:	Password storage in recoverable form (CWE-257) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023552 // NVD: CVE-2022-46142

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

PATCH

title:

Siemens part of the product Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=218339

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46142	Trust: 3.2
db:	SIEMENS	id:	SSA-413565	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-349-04	Trust: 1.4
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023552	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3090	Trust: 0.6

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46142	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-04	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-46142/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023552 // CNNVD: CNNVD-202212-3090 // NVD: CVE-2022-46142

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3090

SOURCES

db:	JVNDB	id:	JVNDB-2022-023552
db:	CNNVD	id:	CNNVD-202212-3090
db:	NVD	id:	CVE-2022-46142

LAST UPDATE DATE

2024-08-14T12:13:17.100000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023552	date:	2023-11-29T03:03:00
db:	CNNVD	id:	CNNVD-202212-3090	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2022-46142	date:	2023-03-14T10:15:24.137

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023552	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3090	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46142	date:	2022-12-13T16:15:25.067