CVE-2022-46144

13.12.2022, 16:15

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial  interface irresponsive.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	6.5 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Vendor	Product	Version
siemens	6gk5622-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5626-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5632-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5636-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5642-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5646-2gs00-2ac2_firmware	2.3 ≤ 𝑥 < 3.0
siemens	6gk5622-2gs00-2ac2_firmware	𝑥 < 2.3
siemens	6gk5626-2gs00-2ac2_firmware	𝑥 < 2.3
siemens	6gk5632-2gs00-2ac2_firmware	𝑥 < 2.3
siemens	6gk5636-2gs00-2ac2_firmware	𝑥 < 2.3
siemens	6gk5642-2gs00-2ac2_firmware	𝑥 < 2.3
siemens	6gk5646-2gs00-2ac2_firmware	𝑥 < 2.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-664 - Improper Control of a Resource Through its Lifetime
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

References

https://cert-portal.siemens.com/productcert/html/ssa-413565.html

https://cert-portal.siemens.com/productcert/html/ssa-690517.html

https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

https://cert-portal.siemens.com/productcert/html/ssa-413565.html

https://cert-portal.siemens.com/productcert/html/ssa-690517.html

https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf