Weak Encryption Flaw in Siemens Devices Affects System Debugging
CVE-2022-46140

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: RUGGEDCOM RM1224 LTE(4G) EU; RUGGEDCOM RM1224 LTE(4G) NAM; SCALANCE M804PB; SCALANCE M812-1 ADSL-Router (Annex A)
Vendor: CVE Published:; 13 December 2022

Summary

The vulnerability arises in Siemens devices that employ a weak encryption scheme to protect debug zip files. This flaw may permit an authenticated attacker to decrypt the file’s contents, potentially exposing sensitive debug information about the system. Such information could be leveraged to exploit other vulnerabilities or gain unauthorized access. It is essential for users to apply necessary updates and review encryption practices to safeguard their systems effectively.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU All versions < V7.2

RUGGEDCOM RM1224 LTE(4G) NAM All versions < V7.2

SCALANCE M804PB All versions < V7.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-41356...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 28, 2022