#VU70422 Use of a broken or risky cryptographic algorithm in Siemens products - CVE-2022-46140
Published: December 19, 2022
Vulnerability identifier: #VU70422
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-46140
CWE-ID: CWE-327
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RUGGEDCOM RM1224 LTE(4G) EU
RUGGEDCOM RM1224 LTE(4G) NAM
SCALANCE M804PB
SCALANCE M812-1 ADSL-Router (Annex A)
SCALANCE M812-1 ADSL-Router (Annex B)
SCALANCE M816-1 ADSL-Router (Annex A)
SCALANCE M816-1 ADSL-Router (Annex B)
SCALANCE M826-2 SHDSL-Router
SCALANCE M874-2
SCALANCE M874-3
SCALANCE M876-3
SCALANCE M876-3 (ROK)
SCALANCE M876-4
SCALANCE M876-4 (EU)
SCALANCE M876-4 (NAM)
SCALANCE MUM853-1 (EU)
SCALANCE MUM856-1 (EU)
SCALANCE MUM856-1 (RoW)
SCALANCE S615 EEC
SCALANCE W721-1 RJ45
SCALANCE W722-1 RJ45
SCALANCE W734-1 RJ45
SCALANCE W734-1 RJ45 (USA)
SCALANCE W738-1 M12
SCALANCE W748-1 M12
SCALANCE W748-1 RJ45
SCALANCE W761-1 RJ45
SCALANCE W774-1 M12 EEC
SCALANCE W774-1 RJ45
SCALANCE W774-1 RJ45 (USA)
SCALANCE W778-1 M12
SCALANCE W778-1 M12 EEC
SCALANCE W778-1 M12 EEC (USA)
SCALANCE W786-1 RJ45
SCALANCE W786-2 RJ45
SCALANCE W786-2 SFP
SCALANCE W786-2IA RJ45
SCALANCE W788-1 M12
SCALANCE W788-1 RJ45
SCALANCE W788-2 M12
SCALANCE W788-2 M12 EEC
SCALANCE W788-2 RJ45
SCALANCE W1748-1 M12
SCALANCE W1788-1 M12
SCALANCE W1788-2 EEC M12
SCALANCE W1788-2 M12
SCALANCE W1788-2IA M12
SCALANCE WAM763-1
SCALANCE WAM766-1
SCALANCE WAM766-1 6GHz
SCALANCE WAM766-1 EEC
SCALANCE WAM766-1 EEC 6GHz
SCALANCE WUM763-1
SCALANCE WUM766-1
SCALANCE WUM766-1 6GHz
SCALANCE XB205-3 (SC
PN)
SCALANCE XB205-3 (ST
E/IP)
SCALANCE XB205-3LD (SC
SCALANCE XB208 (E/IP)
SCALANCE XB208 (PN)
SCALANCE XB213-3 (SC
SCALANCE XB213-3 (ST
SCALANCE XB213-3LD (SC
SCALANCE XB216 (E/IP)
SCALANCE XB216 (PN)
SCALANCE XC206-2 (SC)
SCALANCE XC206-2 (ST/BFOC)
SCALANCE XC206-2G PoE
SCALANCE XC206-2G PoE EEC (54 V DC)
SCALANCE XC206-2SFP
SCALANCE XC206-2SFP EEC
SCALANCE XC206-2SFP G
SCALANCE XC206-2SFP G (EIP DEF.)
SCALANCE XC206-2SFP G EEC
SCALANCE XC208
SCALANCE XC208EEC
SCALANCE XC208G
SCALANCE XC208G (EIP def.)
SCALANCE XC208G EEC
SCALANCE XC208G PoE
SCALANCE XC208G PoE (54 V DC)
SCALANCE XC21
SCALANCE XC216-3G PoE
SCALANCE XC216-3G PoE (54 V DC)
SCALANCE XC216-4C
SCALANCE XC216-4C G
SCALANCE XC216-4C G (EIP Def.)
SCALANCE XC216-4C G EEC
SCALANCE XC216EEC
SCALANCE XC224
SCALANCE XC224-4C G
SCALANCE XC224-4C G (EIP Def.)
SCALANCE XC224-4C G EEC
SCALANCE XF204
SCALANCE XF204 DNA
SCALANCE XF204-2BA
SCALANCE XF204-2BA DNA
SCALANCE XM408-4C
SCALANCE XM408-4C (L3 int.)
SCALANCE XM408-8C
SCALANCE XM408-8C (L3 int.)
SCALANCE XM416-4C
SCALANCE XM416-4C (L3 int.)
SCALANCE XP208
SCALANCE XP208 (Ethernet/IP)
SCALANCE XP208EEC
SCALANCE XP208PoE EEC
SCALANCE XP216
SCALANCE XP216 (Ethernet/IP)
SCALANCE XP216EEC
SCALANCE XP216POE EEC
SCALANCE XR324WG
SCALANCE XR326-2C PoE WG
SCALANCE XR328-4C WG
SCALANCE XR524-8C 1x230V
SCALANCE XR524-8C 1x230V (L3 int.)
SCALANCE XR524-8C 2x230V
SCALANCE XR524-8C 2x230V (L3 int.)
SCALANCE XR524-8C 24V
SCALANCE XR524-8C 24V (L3 int.)
SCALANCE XR526-8C 1x230V
SCALANCE XR526-8C 1x230V (L3 int.)
SCALANCE XR526-8C 2x230V
SCALANCE XR526-8C 2x230V (L3 int.)
SCALANCE XR526-8C 24V
SCALANCE XR526-8C 24V (L3 int.)
SCALANCE XR528-6M
SCALANCE XR528-6M (2HR2)
L3 int.)
SCALANCE XR528-6M (L3 int.)
SCALANCE XR552-12M
SCALANCE XR552-12M (2HR2
SIPLUS NET SCALANCE XC206-2
SIPLUS NET SCALANCE XC206-2SFP
SIPLUS NET SCALANCE XC208
SIPLUS NET SCALANCE XC216-4C
SCALANCE S615
Software vendor:
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected device uses a weak encryption scheme to encrypt the debug zip file. A remote user can decrypt the contents of the file and retrieve debug information about the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.