Details of VAR-202212-1136

ID

VAR-202212-1136

CVE

CVE-2022-46143

TITLE

Vulnerability in multiple Siemens products related to improper validation of quantities specified in inputs

Trust: 0.8

sources: JVNDB: JVNDB-2022-023553

DESCRIPTION

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb Multiple Siemens products, including firmware, contain a vulnerability related to improper validation of quantities specified in input.Information may be obtained. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. The Siemens SCALANCE M-800/S615 series has an information disclosure vulnerability due to the affected device not properly checking the TFTP block size

Trust: 2.16

sources: NVD: CVE-2022-46143 // JVNDB: JVNDB-2022-023553 // CNVD: CNVD-2023-97251

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-97251

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance m876-4	scope:	lt	version:	v8.0	Trust: 1.8
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance m876-3	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance mum856-1	scope:	lt	version:	v8.0	Trust: 1.2
vendor:	siemens	model:	scalance w778-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m812-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xp208eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 eec m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w761-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2ia m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance mum853-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ eu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w721-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc216-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1788-2 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr328-4c wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m816-1 adsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance s615 eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance m804pb	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224 lte\ nam	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w786-2ia rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m876-4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204 dna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 6ghz	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm416-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w738-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w1788-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp208poe eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208 poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr526-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1 ecc	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w748-1 m12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr552-12m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w722-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm408-4c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w774-1 m12 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance w734-1 rj45	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance m874-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc626-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xc216-3g poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-2 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w1748-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w786-1 rj45	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xm408-8c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m874-2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance wam763-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w778-1 m12	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xp216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	2.3	Trust: 1.0
vendor:	siemens	model:	scalance xb216	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr324wg	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus net scalance xc206-2sfp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance w788-2 m12 eec	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance mum856-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance m876-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb208	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3ld	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2bca dna	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	scalance s615 eec	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m812-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-4	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte eu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224 lte nam	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m816-1 adsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum856-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m876-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc626-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance mum853-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m826-2 shdsl-router	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m804pb	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m874-2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	ruggedcom rm1224 lte eu	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	ruggedcom rm1224 lte nam	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m804pb	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m826-2 shdsl-router	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m874-2	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance m874-3	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance mum853-1	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance s615	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	scalance s615 eec	scope:	lt	version:	v8.0	Trust: 0.6

sources: CNVD: CNVD-2023-97251 // JVNDB: JVNDB-2022-023553 // NVD: CVE-2022-46143

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-46143
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2022-46143
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2022-023553
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-97251
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202212-3089
value:	LOW
Trust: 0.6

CNVD:	CNVD-2023-97251
severity:	LOW
baseScore:	3.3
vectorString:	AV:N/AC:L/AU:M/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2022-46143
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-023553
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-97251 // JVNDB: JVNDB-2022-023553 // CNNVD: CNNVD-202212-3089 // NVD: CVE-2022-46143 // NVD: CVE-2022-46143

PROBLEMTYPE DATA

problemtype:	CWE-1284	Trust: 1.0
problemtype:	Improper validation of quantity specified in input (CWE-1284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023553 // NVD: CVE-2022-46143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3089

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3089

PATCH

title:	Patch for Siemens SCALANCE M-800/S615 series information leakage vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/500346	Trust: 0.6
title:	Siemens part of the product Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218338	Trust: 0.6

sources: CNVD: CNVD-2023-97251 // CNNVD: CNNVD-202212-3089

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46143	Trust: 3.8
db:	SIEMENS	id:	SSA-413565	Trust: 2.4
db:	SIEMENS	id:	SSA-180704	Trust: 1.6
db:	ICS CERT	id:	ICSA-22-349-04	Trust: 1.4
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023553	Trust: 0.8
db:	CNVD	id:	CNVD-2023-97251	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3089	Trust: 0.6

sources: CNVD: CNVD-2023-97251 // JVNDB: JVNDB-2022-023553 // CNNVD: CNNVD-202212-3089 // NVD: CVE-2022-46143

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/html/ssa-180704.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-413565.html	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46143	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-04	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-46143/	Trust: 0.6

sources: CNVD: CNVD-2023-97251 // JVNDB: JVNDB-2022-023553 // CNNVD: CNNVD-202212-3089 // NVD: CVE-2022-46143

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3089

SOURCES

db:	CNVD	id:	CNVD-2023-97251
db:	JVNDB	id:	JVNDB-2022-023553
db:	CNNVD	id:	CNNVD-202212-3089
db:	NVD	id:	CVE-2022-46143

LAST UPDATE DATE

2024-08-14T12:11:36.523000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-97251	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-023553	date:	2023-11-29T03:03:00
db:	CNNVD	id:	CNNVD-202212-3089	date:	2022-12-20T00:00:00
db:	NVD	id:	CVE-2022-46143	date:	2024-08-13T08:15:05.483

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-97251	date:	2023-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-023553	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3089	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46143	date:	2022-12-13T16:15:25.137