Multiple vulnerabilities in Siemens SCALANCE Products



Published: 2022-12-19
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-46142
CVE-2022-46143
CVE-2022-46144
CWE-ID CWE-257
CWE-20
CWE-664
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
RUGGEDCOM RM1224 LTE(4G) EU
Hardware solutions / Routers & switches, VoIP, GSM, etc

RUGGEDCOM RM1224 LTE(4G) NAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M804PB
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M826-2 SHDSL-Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-3 (ROK)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4 (NAM)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM853-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM856-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM856-1 (RoW)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE S615 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W721-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W722-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W734-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W734-1 RJ45 (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W738-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W761-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 RJ45 (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12 EEC (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2IA RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 RJ45)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 EEC M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2IA M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 6GHz
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 EEC 6GHz
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM766-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM766-1 6GHz
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB205-3 (SC
Hardware solutions / Routers & switches, VoIP, GSM, etc

PN)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB205-3 (ST
Hardware solutions / Routers & switches, VoIP, GSM, etc

E/IP)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB205-3LD (SC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB208 (E/IP)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB208 (PN)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB213-3 (SC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB213-3 (ST
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB213-3LD (SC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB216 (E/IP)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB216 (PN)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2 (SC)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2 (ST/BFOC)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2G PoE EEC (54 V DC)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP G (EIP DEF.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G (EIP def.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G PoE (54 V DC)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC21
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-3G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-3G PoE (54 V DC)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C G (EIP Def.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224-4C G (EIP Def.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204 DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204-2BA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204-2BA DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-4C (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-8C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-8C (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM416-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM416-4C (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208 (Ethernet/IP)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216 (Ethernet/IP)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216POE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR324WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR326-2C PoE WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR328-4C WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 1x230V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 1x230V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 2x230V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 2x230V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 24V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C 24V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 1x230V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 1x230V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 2x230V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 2x230V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 24V
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C 24V (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR528-6M
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR528-6M (2HR2)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR528-6M (2HR2
Hardware solutions / Routers & switches, VoIP, GSM, etc

L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR528-6M (L3 int.)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR552-12M
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR552-12M (2HR2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC622-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC626-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC632-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC636-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC642-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC646-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE S615
Hardware solutions / Firmware

Vendor Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Storing passwords in a recoverable format

EUVDB-ID: #VU70423

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46142

CWE-ID: CWE-257 - Storing Passwords in a Recoverable Format

Exploit availability: No

Description

The vulnerability allows a local attacker to decrypt passwords.

The vulnerability exists due to the affected device stores the CLI user passwords encrypted in flash memory. An attacker with physical access can retrieve the file and decrypt the CLI user passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

SCALANCE M804PB: All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M874-2: All versions

SCALANCE M874-3: All versions

SCALANCE M876-3: All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-4: All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE S615: All versions

SCALANCE S615 EEC: All versions

SCALANCE W721-1 RJ45: All versions

SCALANCE W722-1 RJ45: All versions

SCALANCE W734-1 RJ45: All versions

SCALANCE W734-1 RJ45 (USA): All versions

SCALANCE W738-1 M12: All versions

SCALANCE W748-1 M12: All versions

SCALANCE W748-1 RJ45: All versions

SCALANCE W761-1 RJ45: All versions

SCALANCE W774-1 M12 EEC: All versions

SCALANCE W774-1 RJ45: All versions

SCALANCE W774-1 RJ45 (USA): All versions

SCALANCE W778-1 M12: All versions

SCALANCE W778-1 M12 EEC: All versions

SCALANCE W778-1 M12 EEC (USA): All versions

SCALANCE W786-1 RJ45: All versions

SCALANCE W786-2 RJ45: All versions

SCALANCE W786-2 SFP: All versions

SCALANCE W786-2IA RJ45: All versions

SCALANCE W788-1 M12: All versions

SCALANCE W788-1 RJ45: All versions

SCALANCE W788-2 M12: All versions

SCALANCE W788-2 M12 EEC: All versions

SCALANCE W788-2 RJ45: All versions

SCALANCE W788-2 RJ45): All versions

SCALANCE W1748-1 M12: All versions

SCALANCE W1788-1 M12: All versions

SCALANCE W1788-2 EEC M12: All versions

SCALANCE W1788-2 M12: All versions

SCALANCE W1788-2IA M12: All versions

SCALANCE WAM763-1: All versions

SCALANCE WAM766-1: All versions

SCALANCE WAM766-1 6GHz: All versions

SCALANCE WAM766-1 EEC: All versions

SCALANCE WAM766-1 EEC 6GHz: All versions

SCALANCE WUM763-1: All versions

SCALANCE WUM766-1: All versions

SCALANCE WUM766-1 6GHz: All versions

SCALANCE XB205-3 (SC: All versions

PN): All versions

SCALANCE XB205-3 (ST: All versions

E/IP): All versions

SCALANCE XB205-3LD (SC: All versions

SCALANCE XB208 (E/IP): All versions

SCALANCE XB208 (PN): All versions

SCALANCE XB213-3 (SC: All versions

SCALANCE XB213-3 (ST: All versions

SCALANCE XB213-3LD (SC: All versions

SCALANCE XB216 (E/IP): All versions

SCALANCE XB216 (PN): All versions

SCALANCE XC206-2 (SC): All versions

SCALANCE XC206-2 (ST/BFOC): All versions

SCALANCE XC206-2G PoE: All versions

SCALANCE XC206-2G PoE EEC (54 V DC): All versions

SCALANCE XC206-2SFP: All versions

SCALANCE XC206-2SFP EEC: All versions

SCALANCE XC206-2SFP G: All versions

SCALANCE XC206-2SFP G (EIP DEF.): All versions

SCALANCE XC206-2SFP G EEC: All versions

SCALANCE XC208: All versions

SCALANCE XC208EEC: All versions

SCALANCE XC208G: All versions

SCALANCE XC208G (EIP def.): All versions

SCALANCE XC208G EEC: All versions

SCALANCE XC208G PoE: All versions

SCALANCE XC208G PoE (54 V DC): All versions

SCALANCE XC21: All versions

SCALANCE XC216-3G PoE: All versions

SCALANCE XC216-3G PoE (54 V DC): All versions

SCALANCE XC216-4C: All versions

SCALANCE XC216-4C G: All versions

SCALANCE XC216-4C G (EIP Def.): All versions

SCALANCE XC216-4C G EEC: All versions

SCALANCE XC216EEC: All versions

SCALANCE XC224: All versions

SCALANCE XC224-4C G: All versions

SCALANCE XC224-4C G (EIP Def.): All versions

SCALANCE XC224-4C G EEC: All versions

SCALANCE XF204: All versions

SCALANCE XF204 DNA: All versions

SCALANCE XF204-2BA: All versions

SCALANCE XF204-2BA DNA: All versions

SCALANCE XM408-4C: All versions

SCALANCE XM408-4C (L3 int.): All versions

SCALANCE XM408-8C: All versions

SCALANCE XM408-8C (L3 int.): All versions

SCALANCE XM416-4C: All versions

SCALANCE XM416-4C (L3 int.): All versions

SCALANCE XP208: All versions

SCALANCE XP208 (Ethernet/IP): All versions

SCALANCE XP208EEC: All versions

SCALANCE XP208PoE EEC: All versions

SCALANCE XP216: All versions

SCALANCE XP216 (Ethernet/IP): All versions

SCALANCE XP216EEC: All versions

SCALANCE XP216POE EEC: All versions

SCALANCE XR324WG: All versions

SCALANCE XR326-2C PoE WG: All versions

SCALANCE XR328-4C WG: All versions

SCALANCE XR524-8C 1x230V: All versions

SCALANCE XR524-8C 1x230V (L3 int.): All versions

SCALANCE XR524-8C 2x230V: All versions

SCALANCE XR524-8C 2x230V (L3 int.): All versions

SCALANCE XR524-8C 24V: All versions

SCALANCE XR524-8C 24V (L3 int.): All versions

SCALANCE XR526-8C 1x230V: All versions

SCALANCE XR526-8C 1x230V (L3 int.): All versions

SCALANCE XR526-8C 2x230V: All versions

SCALANCE XR526-8C 2x230V (L3 int.): All versions

SCALANCE XR526-8C 24V: All versions

SCALANCE XR526-8C 24V (L3 int.): All versions

SCALANCE XR528-6M: All versions

SCALANCE XR528-6M (2HR2): All versions

SCALANCE XR528-6M (2HR2: All versions

L3 int.): All versions

SCALANCE XR528-6M (L3 int.): All versions

SCALANCE XR552-12M: All versions

SCALANCE XR552-12M (2HR2: All versions

SIPLUS NET SCALANCE XC206-2: All versions

SIPLUS NET SCALANCE XC206-2SFP: All versions

SIPLUS NET SCALANCE XC208: All versions

SIPLUS NET SCALANCE XC216-4C: All versions

SCALANCE SC622-2C: before 3.0

SCALANCE SC626-2C: before 3.0

SCALANCE SC632-2C: before 3.0

SCALANCE SC636-2C: before 3.0

SCALANCE SC642-2C: before 3.0

SCALANCE SC646-2C: before 3.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU70424

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46143

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information on the system.

The vulnerability exists due to the affected device does not check the TFTP blocksize correctly. A remote administrator can read from an uninitialized buffer that potentially contains previously allocated data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

SCALANCE M804PB: All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M874-2: All versions

SCALANCE M874-3: All versions

SCALANCE M876-3: All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-4: All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE S615: All versions

SCALANCE S615 EEC: All versions

SCALANCE W721-1 RJ45: All versions

SCALANCE W722-1 RJ45: All versions

SCALANCE W734-1 RJ45: All versions

SCALANCE W734-1 RJ45 (USA): All versions

SCALANCE W738-1 M12: All versions

SCALANCE W748-1 M12: All versions

SCALANCE W748-1 RJ45: All versions

SCALANCE W761-1 RJ45: All versions

SCALANCE W774-1 M12 EEC: All versions

SCALANCE W774-1 RJ45: All versions

SCALANCE W774-1 RJ45 (USA): All versions

SCALANCE W778-1 M12: All versions

SCALANCE W778-1 M12 EEC: All versions

SCALANCE W778-1 M12 EEC (USA): All versions

SCALANCE W786-1 RJ45: All versions

SCALANCE W786-2 RJ45: All versions

SCALANCE W786-2 SFP: All versions

SCALANCE W786-2IA RJ45: All versions

SCALANCE W788-1 M12: All versions

SCALANCE W788-1 RJ45: All versions

SCALANCE W788-2 M12: All versions

SCALANCE W788-2 M12 EEC: All versions

SCALANCE W788-2 RJ45: All versions

SCALANCE W788-2 RJ45): All versions

SCALANCE W1748-1 M12: All versions

SCALANCE W1788-1 M12: All versions

SCALANCE W1788-2 EEC M12: All versions

SCALANCE W1788-2 M12: All versions

SCALANCE W1788-2IA M12: All versions

SCALANCE WAM763-1: All versions

SCALANCE WAM766-1: All versions

SCALANCE WAM766-1 6GHz: All versions

SCALANCE WAM766-1 EEC: All versions

SCALANCE WAM766-1 EEC 6GHz: All versions

SCALANCE WUM763-1: All versions

SCALANCE WUM766-1: All versions

SCALANCE WUM766-1 6GHz: All versions

SCALANCE XB205-3 (SC: All versions

PN): All versions

SCALANCE XB205-3 (ST: All versions

E/IP): All versions

SCALANCE XB205-3LD (SC: All versions

SCALANCE XB208 (E/IP): All versions

SCALANCE XB208 (PN): All versions

SCALANCE XB213-3 (SC: All versions

SCALANCE XB213-3 (ST: All versions

SCALANCE XB213-3LD (SC: All versions

SCALANCE XB216 (E/IP): All versions

SCALANCE XB216 (PN): All versions

SCALANCE XC206-2 (SC): All versions

SCALANCE XC206-2 (ST/BFOC): All versions

SCALANCE XC206-2G PoE: All versions

SCALANCE XC206-2G PoE EEC (54 V DC): All versions

SCALANCE XC206-2SFP: All versions

SCALANCE XC206-2SFP EEC: All versions

SCALANCE XC206-2SFP G: All versions

SCALANCE XC206-2SFP G (EIP DEF.): All versions

SCALANCE XC206-2SFP G EEC: All versions

SCALANCE XC208: All versions

SCALANCE XC208EEC: All versions

SCALANCE XC208G: All versions

SCALANCE XC208G (EIP def.): All versions

SCALANCE XC208G EEC: All versions

SCALANCE XC208G PoE: All versions

SCALANCE XC208G PoE (54 V DC): All versions

SCALANCE XC21: All versions

SCALANCE XC216-3G PoE: All versions

SCALANCE XC216-3G PoE (54 V DC): All versions

SCALANCE XC216-4C: All versions

SCALANCE XC216-4C G: All versions

SCALANCE XC216-4C G (EIP Def.): All versions

SCALANCE XC216-4C G EEC: All versions

SCALANCE XC216EEC: All versions

SCALANCE XC224: All versions

SCALANCE XC224-4C G: All versions

SCALANCE XC224-4C G (EIP Def.): All versions

SCALANCE XC224-4C G EEC: All versions

SCALANCE XF204: All versions

SCALANCE XF204 DNA: All versions

SCALANCE XF204-2BA: All versions

SCALANCE XF204-2BA DNA: All versions

SCALANCE XM408-4C: All versions

SCALANCE XM408-4C (L3 int.): All versions

SCALANCE XM408-8C: All versions

SCALANCE XM408-8C (L3 int.): All versions

SCALANCE XM416-4C: All versions

SCALANCE XM416-4C (L3 int.): All versions

SCALANCE XP208: All versions

SCALANCE XP208 (Ethernet/IP): All versions

SCALANCE XP208EEC: All versions

SCALANCE XP208PoE EEC: All versions

SCALANCE XP216: All versions

SCALANCE XP216 (Ethernet/IP): All versions

SCALANCE XP216EEC: All versions

SCALANCE XP216POE EEC: All versions

SCALANCE XR324WG: All versions

SCALANCE XR326-2C PoE WG: All versions

SCALANCE XR328-4C WG: All versions

SCALANCE XR524-8C 1x230V: All versions

SCALANCE XR524-8C 1x230V (L3 int.): All versions

SCALANCE XR524-8C 2x230V: All versions

SCALANCE XR524-8C 2x230V (L3 int.): All versions

SCALANCE XR524-8C 24V: All versions

SCALANCE XR524-8C 24V (L3 int.): All versions

SCALANCE XR526-8C 1x230V: All versions

SCALANCE XR526-8C 1x230V (L3 int.): All versions

SCALANCE XR526-8C 2x230V: All versions

SCALANCE XR526-8C 2x230V (L3 int.): All versions

SCALANCE XR526-8C 24V: All versions

SCALANCE XR526-8C 24V (L3 int.): All versions

SCALANCE XR528-6M: All versions

SCALANCE XR528-6M (2HR2): All versions

SCALANCE XR528-6M (2HR2: All versions

L3 int.): All versions

SCALANCE XR528-6M (L3 int.): All versions

SCALANCE XR552-12M: All versions

SCALANCE XR552-12M (2HR2: All versions

SIPLUS NET SCALANCE XC206-2: All versions

SIPLUS NET SCALANCE XC206-2SFP: All versions

SIPLUS NET SCALANCE XC208: All versions

SIPLUS NET SCALANCE XC216-4C: All versions

SCALANCE SC622-2C: before 3.0

SCALANCE SC626-2C: before 3.0

SCALANCE SC632-2C: before 3.0

SCALANCE SC636-2C: before 3.0

SCALANCE SC642-2C: before 3.0

SCALANCE SC646-2C: before 3.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper control of a resource through its lifetime

EUVDB-ID: #VU70421

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46144

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected device does not properly process CLI commands after a user forcefully quitted the SSH connection. A remote user can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SCALANCE SC622-2C: before 3.0

SCALANCE SC626-2C: before 3.0

SCALANCE SC632-2C: before 3.0

SCALANCE SC636-2C: before 3.0

SCALANCE SC642-2C: before 3.0

SCALANCE SC646-2C: before 3.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###