Exposure of Encrypted Passwords in Siemens Devices
CVE-2022-46142

5.2MEDIUM

Key Information:

Vendor
Siemens
Status
Ruggedcom Rm1224 Lte(4g) Eu
Ruggedcom Rm1224 Lte(4g) Nam
Scalance M804pb
Scalance M812-1 Adsl-router
Vendor
CVE Published:
13 December 2022

Summary

A security vulnerability exists in Siemens devices that allows attackers with physical access to extract and decrypt CLI user passwords stored in flash memory. This could lead to unauthorized access to device management functions, highlighting the importance of securing physical access to devices.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-41356...
https://cert-portal.siemens.com/productcert/html/ssa-4135...

CVSS V4

Score:
5.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.