CVE-2022-46142 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.7 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
siemens	CNA	5.7 MEDIUM				CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware	*
siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware	*
siemens	scalance_m804pb_firmware	*
siemens	scalance_m812-1_adsl-router_firmware	*
siemens	scalance_m816-1_adsl-router_firmware	*
siemens	scalance_m826-2_shdsl-router_firmware	*
siemens	scalance_m874-2_firmware	*
siemens	scalance_m874-3_firmware	*
siemens	scalance_m876-3_firmware	*
siemens	scalance_m876-4_firmware	*
siemens	scalance_mum853-1_firmware	*
siemens	scalance_mum856-1_firmware	*
siemens	scalance_s615_firmware	*
siemens	scalance_s615_eec_firmware	*
siemens	scalance_sc622-2c_firmware	𝑥 < 2.3
siemens	scalance_sc626-2c_firmware	𝑥 < 2.3
siemens	scalance_sc632-2c_firmware	𝑥 < 2.3
siemens	scalance_sc636-2c_firmware	𝑥 < 2.3
siemens	scalance_sc642-2c_firmware	𝑥 < 2.3
siemens	scalance_sc646-2c_firmware	𝑥 < 2.3
siemens	scalance_w721-1_rj45_firmware	*
siemens	scalance_w722-1_rj45_firmware	*
siemens	scalance_w734-1_rj45_firmware	*
siemens	scalance_w738-1_m12_firmware	*
siemens	scalance_w748-1_m12_firmware	*
siemens	scalance_w761-1_rj45_firmware	-
siemens	scalance_w774-1_m12_eec_firmware	-
siemens	scalance_w774-1_m12_rj45_firmware	-
siemens	scalance_w774-1_rj45_firmware	-
siemens	scalance_w778-1_m12_firmware	-
siemens	scalance_w778-1_m12_eec_firmware	-
siemens	scalance_w786-1_rj45_firmware	-
siemens	scalance_w786-2_rj45_firmware	-
siemens	scalance_w786-2_sfp_firmware	-
siemens	scalance_w786-2ia_rj45_firmware	-
siemens	scalance_w788-1_m12_firmware	-
siemens	scalance_w788-1_rj45_firmware	-
siemens	scalance_w788-2_m12_firmware	-
siemens	scalance_w788-2_m12_eec_firmware	-
siemens	scalance_w1748-1_m12_firmware	-
siemens	scalance_w1788-1_m12_firmware	-
siemens	scalance_w1788-2_eec_m12_firmware	-
siemens	scalance_w1788-2_m12_firmware	-
siemens	scalance_w1788-2ia_m12_firmware	-
siemens	scalance_wam763-1_firmware	-
siemens	scalance_wam766-1_firmware	-
siemens	scalance_wam766-1_6ghz_firmware	-
siemens	scalance_wam766-1_ecc_firmware	-
siemens	scalance_wum763-1_firmware	-
siemens	scalance_wum766-1_firmware	-
siemens	scalance_wum766-1_6ghz_firmware	-
siemens	scalance_xb205-3_firmware	-
siemens	scalance_xb205-3ld_firmware	-
siemens	scalance_xb208_firmware	-
siemens	scalance_xb213-3_firmware	-
siemens	scalance_xb213-3ld_firmware	-
siemens	scalance_xb216_firmware	-
siemens	scalance_xc206-2_firmware	-
siemens	scalance_xc206-2g_poe_firmware	-
siemens	scalance_xc206-2g_poe_eec_firmware	-
siemens	scalance_xc206-2sfp_firmware	-
siemens	scalance_xc206-2sfp_eec_firmware	-
siemens	scalance_xc206-2sfp_g_firmware	-
siemens	scalance_xc206-2sfp_g_eec_firmware	-
siemens	scalance_xc208_firmware	-
siemens	scalance_xc208_eec_firmware	-
siemens	scalance_xc208_poe_firmware	-
siemens	scalance_xc216_firmware	-
siemens	scalance_xc216-3g_poe_firmware	-
siemens	scalance_xc216-4c_firmware	-
siemens	scalance_xc216-4c_g_firmware	-
siemens	scalance_xc216-4c_g_eec_firmware	-
siemens	scalance_xc216eec_firmware	-
siemens	scalance_xc224_firmware	-
siemens	scalance_xc224-4c_g_firmware	-
siemens	scalance_xc224-4c_g_eec_firmware	-
siemens	scalance_xf204_firmware	-
siemens	scalance_xf204_dna_firmware	-
siemens	scalance_xf204-2ba_firmware	-
siemens	scalance_xf204-2bca_dna_firmware	-
siemens	scalance_xm408-4c_firmware	-
siemens	scalance_xm408-8c_firmware	-
siemens	scalance_xm416-4c_firmware	-
siemens	scalance_xp208_firmware	-
siemens	scalance_xp208eec_firmware	-
siemens	scalance_xp208poe_eec_firmware	-
siemens	scalance_xp216_firmware	-
siemens	scalance_xp216eec_firmware	-
siemens	scalance_xp216poe_eec_firmware	-
siemens	scalance_xr324wg_firmware	-
siemens	scalance_xr326-2c_firmware	-
siemens	scalance_xr326-2c_poe_firmware	-
siemens	scalance_xr328-4c_wg_firmware	-
siemens	scalance_xr524-8c_firmware	-
siemens	scalance_xr526-8c_firmware	-
siemens	scalance_xr528-6m_firmware	-
siemens	scalance_xr552-12m_firmware	-
siemens	siplus_net_scalance_xc206-2_firmware	-
siemens	siplus_net_scalance_xc206-2sfp_firmware	-
siemens	siplus_net_scalance_xc208_firmware	-
siemens	siplus_net_scalance_xc216-4c_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-257 - Storing Passwords in a Recoverable Format
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

https://cert-portal.siemens.com/productcert/html/ssa-413565.html

https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf