CVE-2022-46140
MEDIUMSiemens Ruggedcom RM1224 LTE and Scalance Devices - Use of Weak Encryption for Debug Files
Title source: llmDescription
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
References (2)
Core 2
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-413565.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf
Scores
CVSS v3
6.5
EPSS
0.0008
EPSS Percentile
24.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-327
Status
published
Products (50)
siemens/ruggedcom_rm1224_lte\(4g\)_eu_firmware
siemens/ruggedcom_rm1224_lte\(4g\)_nam_firmware
siemens/scalance_m804pb_firmware
siemens/scalance_m812-1_adsl-router_firmware
siemens/scalance_m816-1_adsl-router_firmware
siemens/scalance_m826-2_shdsl-router_firmware
siemens/scalance_m874-2_firmware
siemens/scalance_m874-3_firmware
siemens/scalance_m876-3_firmware
siemens/scalance_m876-4_firmware
... and 40 more
Published
Dec 13, 2022
Tracked Since
Feb 18, 2026