Storing passwords in a recoverable format in Siemens Hardware solutions

#VU70423 Storing passwords in a recoverable format in Siemens Hardware solutions

Published: 2022-12-19

Vulnerability identifier: #VU70423

Vulnerability risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46142

CWE-ID: CWE-257

Exploitation vector: Local

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a local attacker to decrypt passwords.

The vulnerability exists due to the affected device stores the CLI user passwords encrypted in flash memory. An attacker with physical access can retrieve the file and decrypt the CLI user passwords.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

SCALANCE M804PB: All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M874-2: All versions

SCALANCE M874-3: All versions

SCALANCE M876-3: All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-4: All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE S615: All versions

SCALANCE S615 EEC: All versions

SCALANCE W721-1 RJ45: All versions

SCALANCE W722-1 RJ45: All versions

SCALANCE W734-1 RJ45: All versions

SCALANCE W734-1 RJ45 (USA): All versions

SCALANCE W738-1 M12: All versions

SCALANCE W748-1 M12: All versions

SCALANCE W748-1 RJ45: All versions

SCALANCE W761-1 RJ45: All versions

SCALANCE W774-1 M12 EEC: All versions

SCALANCE W774-1 RJ45: All versions

SCALANCE W774-1 RJ45 (USA): All versions

SCALANCE W778-1 M12: All versions

SCALANCE W778-1 M12 EEC: All versions

SCALANCE W778-1 M12 EEC (USA): All versions

SCALANCE W786-1 RJ45: All versions

SCALANCE W786-2 RJ45: All versions

SCALANCE W786-2 SFP: All versions

SCALANCE W786-2IA RJ45: All versions

SCALANCE W788-1 M12: All versions

SCALANCE W788-1 RJ45: All versions

SCALANCE W788-2 M12: All versions

SCALANCE W788-2 M12 EEC: All versions

SCALANCE W788-2 RJ45: All versions

SCALANCE W788-2 RJ45): All versions

SCALANCE W1748-1 M12: All versions

SCALANCE W1788-1 M12: All versions

SCALANCE W1788-2 EEC M12: All versions

SCALANCE W1788-2 M12: All versions

SCALANCE W1788-2IA M12: All versions

SCALANCE WAM763-1: All versions

SCALANCE WAM766-1: All versions

SCALANCE WAM766-1 6GHz: All versions

SCALANCE WAM766-1 EEC: All versions

SCALANCE WAM766-1 EEC 6GHz: All versions

SCALANCE WUM763-1: All versions

SCALANCE WUM766-1: All versions

SCALANCE WUM766-1 6GHz: All versions

SCALANCE XB205-3 (SC: All versions

PN): All versions

SCALANCE XB205-3 (ST: All versions

E/IP): All versions

SCALANCE XB205-3LD (SC: All versions

SCALANCE XB208 (E/IP): All versions

SCALANCE XB208 (PN): All versions

SCALANCE XB213-3 (SC: All versions

SCALANCE XB213-3 (ST: All versions

SCALANCE XB213-3LD (SC: All versions

SCALANCE XB216 (E/IP): All versions

SCALANCE XB216 (PN): All versions

SCALANCE XC206-2 (SC): All versions

SCALANCE XC206-2 (ST/BFOC): All versions

SCALANCE XC206-2G PoE: All versions

SCALANCE XC206-2G PoE EEC (54 V DC): All versions

SCALANCE XC206-2SFP: All versions

SCALANCE XC206-2SFP EEC: All versions

SCALANCE XC206-2SFP G: All versions

SCALANCE XC206-2SFP G (EIP DEF.): All versions

SCALANCE XC206-2SFP G EEC: All versions

SCALANCE XC208: All versions

SCALANCE XC208EEC: All versions

SCALANCE XC208G: All versions

SCALANCE XC208G (EIP def.): All versions

SCALANCE XC208G EEC: All versions

SCALANCE XC208G PoE: All versions

SCALANCE XC208G PoE (54 V DC): All versions

SCALANCE XC21: All versions

SCALANCE XC216-3G PoE: All versions

SCALANCE XC216-3G PoE (54 V DC): All versions

SCALANCE XC216-4C: All versions

SCALANCE XC216-4C G: All versions

SCALANCE XC216-4C G (EIP Def.): All versions

SCALANCE XC216-4C G EEC: All versions

SCALANCE XC216EEC: All versions

SCALANCE XC224: All versions

SCALANCE XC224-4C G: All versions

SCALANCE XC224-4C G (EIP Def.): All versions

SCALANCE XC224-4C G EEC: All versions

SCALANCE XF204: All versions

SCALANCE XF204 DNA: All versions

SCALANCE XF204-2BA: All versions

SCALANCE XF204-2BA DNA: All versions

SCALANCE XM408-4C: All versions

SCALANCE XM408-4C (L3 int.): All versions

SCALANCE XM408-8C: All versions

SCALANCE XM408-8C (L3 int.): All versions

SCALANCE XM416-4C: All versions

SCALANCE XM416-4C (L3 int.): All versions

SCALANCE XP208: All versions

SCALANCE XP208 (Ethernet/IP): All versions

SCALANCE XP208EEC: All versions

SCALANCE XP208PoE EEC: All versions

SCALANCE XP216: All versions

SCALANCE XP216 (Ethernet/IP): All versions

SCALANCE XP216EEC: All versions

SCALANCE XP216POE EEC: All versions

SCALANCE XR324WG: All versions

SCALANCE XR326-2C PoE WG: All versions

SCALANCE XR328-4C WG: All versions

SCALANCE XR524-8C 1x230V: All versions

SCALANCE XR524-8C 1x230V (L3 int.): All versions

SCALANCE XR524-8C 2x230V: All versions

SCALANCE XR524-8C 2x230V (L3 int.): All versions

SCALANCE XR524-8C 24V: All versions

SCALANCE XR524-8C 24V (L3 int.): All versions

SCALANCE XR526-8C 1x230V: All versions

SCALANCE XR526-8C 1x230V (L3 int.): All versions

SCALANCE XR526-8C 2x230V: All versions

SCALANCE XR526-8C 2x230V (L3 int.): All versions

SCALANCE XR526-8C 24V: All versions

SCALANCE XR526-8C 24V (L3 int.): All versions

SCALANCE XR528-6M: All versions

SCALANCE XR528-6M (2HR2): All versions

SCALANCE XR528-6M (2HR2: All versions

L3 int.): All versions

SCALANCE XR528-6M (L3 int.): All versions

SCALANCE XR552-12M: All versions

SCALANCE XR552-12M (2HR2: All versions

SIPLUS NET SCALANCE XC206-2: All versions

SIPLUS NET SCALANCE XC206-2SFP: All versions

SIPLUS NET SCALANCE XC208: All versions

SIPLUS NET SCALANCE XC216-4C: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SCALANCE Products