Weak Encryption Flaw in Siemens Devices Affects System Debugging
CVE-2022-46140

7.1HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router
Vendor: CVE Published:; 13 December 2022

Summary

The vulnerability arises in Siemens devices that employ a weak encryption scheme to protect debug zip files. This flaw may permit an authenticated attacker to decrypt the file’s contents, potentially exposing sensitive debug information about the system. Such information could be leveraged to exploit other vulnerabilities or gain unauthorized access. It is essential for users to apply necessary updates and review encryption practices to safeguard their systems effectively.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-41356...

https://cert-portal.siemens.com/productcert/html/ssa-4135...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 28, 2022