Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-47522 |
CWE-ID | CWE-311 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software |
SCALANCE W1750D (USA) Hardware solutions / Firmware SCALANCE W1750D (ROW) Hardware solutions / Firmware SCALANCE W1750D (JP) Hardware solutions / Firmware |
Vendor | Siemens |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU74346
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-47522
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way Wi-Fi devices manage transmit queues. A remote attacker can force the device to send traffic unencrypted by manipulating the transmit queues.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSCALANCE W1750D (USA): All versions
SCALANCE W1750D (ROW): All versions
SCALANCE W1750D (JP): All versions
CPE2.3http://cert-portal.siemens.com/productcert/txt/ssa-516174.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.