#VU70423 Storing passwords in a recoverable format in Siemens products - CVE-2022-46142

Vulnerability identifier: #VU70423

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-46142

CWE-ID: CWE-257

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
RUGGEDCOM RM1224 LTE(4G) EU
RUGGEDCOM RM1224 LTE(4G) NAM
SCALANCE M804PB
SCALANCE M812-1 ADSL-Router (Annex A)
SCALANCE M812-1 ADSL-Router (Annex B)
SCALANCE M816-1 ADSL-Router (Annex A)
SCALANCE M816-1 ADSL-Router (Annex B)
SCALANCE M826-2 SHDSL-Router
SCALANCE M874-2
SCALANCE M874-3
SCALANCE M876-3
SCALANCE M876-3 (ROK)
SCALANCE M876-4
SCALANCE M876-4 (EU)
SCALANCE M876-4 (NAM)
SCALANCE MUM853-1 (EU)
SCALANCE MUM856-1 (EU)
SCALANCE MUM856-1 (RoW)
SCALANCE S615 EEC
SCALANCE W721-1 RJ45
SCALANCE W722-1 RJ45
SCALANCE W734-1 RJ45
SCALANCE W734-1 RJ45 (USA)
SCALANCE W738-1 M12
SCALANCE W748-1 M12
SCALANCE W748-1 RJ45
SCALANCE W761-1 RJ45
SCALANCE W774-1 M12 EEC
SCALANCE W774-1 RJ45
SCALANCE W774-1 RJ45 (USA)
SCALANCE W778-1 M12
SCALANCE W778-1 M12 EEC
SCALANCE W778-1 M12 EEC (USA)
SCALANCE W786-1 RJ45
SCALANCE W786-2 RJ45
SCALANCE W786-2 SFP
SCALANCE W786-2IA RJ45
SCALANCE W788-1 M12
SCALANCE W788-1 RJ45
SCALANCE W788-2 M12
SCALANCE W788-2 M12 EEC
SCALANCE W788-2 RJ45
SCALANCE W1748-1 M12
SCALANCE W1788-1 M12
SCALANCE W1788-2 EEC M12
SCALANCE W1788-2 M12
SCALANCE W1788-2IA M12
SCALANCE WAM763-1
SCALANCE WAM766-1
SCALANCE WAM766-1 6GHz
SCALANCE WAM766-1 EEC
SCALANCE WAM766-1 EEC 6GHz
SCALANCE WUM763-1
SCALANCE WUM766-1
SCALANCE WUM766-1 6GHz
SCALANCE XB205-3 (SC
PN)
SCALANCE XB205-3 (ST
E/IP)
SCALANCE XB205-3LD (SC
SCALANCE XB208 (E/IP)
SCALANCE XB208 (PN)
SCALANCE XB213-3 (SC
SCALANCE XB213-3 (ST
SCALANCE XB213-3LD (SC
SCALANCE XB216 (E/IP)
SCALANCE XB216 (PN)
SCALANCE XC206-2 (SC)
SCALANCE XC206-2 (ST/BFOC)
SCALANCE XC206-2G PoE
SCALANCE XC206-2G PoE EEC (54 V DC)
SCALANCE XC206-2SFP
SCALANCE XC206-2SFP EEC
SCALANCE XC206-2SFP G
SCALANCE XC206-2SFP G (EIP DEF.)
SCALANCE XC206-2SFP G EEC
SCALANCE XC208
SCALANCE XC208EEC
SCALANCE XC208G
SCALANCE XC208G (EIP def.)
SCALANCE XC208G EEC
SCALANCE XC208G PoE
SCALANCE XC208G PoE (54 V DC)
SCALANCE XC21
SCALANCE XC216-3G PoE
SCALANCE XC216-3G PoE (54 V DC)
SCALANCE XC216-4C
SCALANCE XC216-4C G
SCALANCE XC216-4C G (EIP Def.)
SCALANCE XC216-4C G EEC
SCALANCE XC216EEC
SCALANCE XC224
SCALANCE XC224-4C G
SCALANCE XC224-4C G (EIP Def.)
SCALANCE XC224-4C G EEC
SCALANCE XF204
SCALANCE XF204 DNA
SCALANCE XF204-2BA
SCALANCE XF204-2BA DNA
SCALANCE XM408-4C
SCALANCE XM408-4C (L3 int.)
SCALANCE XM408-8C
SCALANCE XM408-8C (L3 int.)
SCALANCE XM416-4C
SCALANCE XM416-4C (L3 int.)
SCALANCE XP208
SCALANCE XP208 (Ethernet/IP)
SCALANCE XP208EEC
SCALANCE XP208PoE EEC
SCALANCE XP216
SCALANCE XP216 (Ethernet/IP)
SCALANCE XP216EEC
SCALANCE XP216POE EEC
SCALANCE XR324WG
SCALANCE XR326-2C PoE WG
SCALANCE XR328-4C WG
SCALANCE XR524-8C 1x230V
SCALANCE XR524-8C 1x230V (L3 int.)
SCALANCE XR524-8C 2x230V
SCALANCE XR524-8C 2x230V (L3 int.)
SCALANCE XR524-8C 24V
SCALANCE XR524-8C 24V (L3 int.)
SCALANCE XR526-8C 1x230V
SCALANCE XR526-8C 1x230V (L3 int.)
SCALANCE XR526-8C 2x230V
SCALANCE XR526-8C 2x230V (L3 int.)
SCALANCE XR526-8C 24V
SCALANCE XR526-8C 24V (L3 int.)
SCALANCE XR528-6M
SCALANCE XR528-6M (2HR2)
L3 int.)
SCALANCE XR528-6M (L3 int.)
SCALANCE XR552-12M
SCALANCE XR552-12M (2HR2
SIPLUS NET SCALANCE XC206-2
SIPLUS NET SCALANCE XC206-2SFP
SIPLUS NET SCALANCE XC208
SIPLUS NET SCALANCE XC216-4C
SCALANCE SC622-2C
SCALANCE SC626-2C
SCALANCE SC632-2C
SCALANCE SC636-2C
SCALANCE SC642-2C
SCALANCE SC646-2C
SCALANCE S615

Software vendor:
Siemens

The vulnerability allows a local attacker to decrypt passwords.

The vulnerability exists due to the affected device stores the CLI user passwords encrypted in flash memory. An attacker with physical access can retrieve the file and decrypt the CLI user passwords.

Install updates from vendor's website.

• https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf