Missing Encryption of Sensitive Data in Siemens SCALANCE W700 Product Family



Published: 2023-11-16
Risk Medium
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2022-47522
CWE-ID CWE-311
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		SCALANCE WUM766-1 (US)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM766-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM763-1)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 EEC (US)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 EEC (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 (US)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12 EEC (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 RJ45 (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W734-1 RJ45 (USA)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2IA RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W761-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W738-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W734-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W722-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W721-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2IA M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 EEC M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Siemens

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Missing Encryption of Sensitive Data

EUVDB-ID: #VU74346

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-47522

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way Wi-Fi devices manage transmit queues. A remote attacker can force the device to send traffic unencrypted by manipulating the transmit queues.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE WUM766-1 (US): All versions

SCALANCE WUM766-1 (EU): All versions

SCALANCE WUM763-1): All versions

SCALANCE WAM766-1 EEC (US): All versions

SCALANCE WAM766-1 EEC (EU): All versions

SCALANCE WAM766-1 (US): All versions

SCALANCE WAM766-1 (EU): All versions

SCALANCE W778-1 M12 EEC (USA): All versions

SCALANCE W774-1 RJ45 (USA): All versions

SCALANCE W734-1 RJ45 (USA): All versions

SCALANCE W1748-1 M12: All versions

SCALANCE W788-2 RJ45: All versions

SCALANCE W788-2 M12 EEC: All versions

SCALANCE W788-2 M12: All versions

SCALANCE W788-1 RJ45: All versions

SCALANCE W788-1 M12: All versions

SCALANCE W786-2IA RJ45: All versions

SCALANCE W786-2 SFP: All versions

SCALANCE W786-2 RJ45: All versions

SCALANCE W786-1 RJ45: All versions

SCALANCE W778-1 M12 EEC: All versions

SCALANCE W778-1 M12: All versions

SCALANCE W774-1 RJ45: All versions

SCALANCE W774-1 M12 EEC: All versions

SCALANCE W761-1 RJ45: All versions

SCALANCE W748-1 RJ45: All versions

SCALANCE W748-1 M12: All versions

SCALANCE W738-1 M12: All versions

SCALANCE W734-1 RJ45: All versions

SCALANCE W722-1 RJ45: All versions

SCALANCE W721-1 RJ45: All versions

SCALANCE WUM763-1: All versions

SCALANCE WAM763-1: All versions

SCALANCE W1788-2IA M12: All versions

SCALANCE W1788-2 M12: All versions

SCALANCE W1788-2 EEC M12: All versions

SCALANCE W1788-1 M12: All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-457702.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###