CVE-2022-46142

MEDIUM

Affected Devices - Info Disclosure

Title source: llm

Description

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

References (2)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-413565.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Scores

CVSS v3 5.7

EPSS 0.0009

EPSS Percentile 25.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522 CWE-257

Status published

Products (50)

siemens/ruggedcom_rm1224_lte\(4g\)_eu_firmware

siemens/ruggedcom_rm1224_lte\(4g\)_nam_firmware

siemens/scalance_m804pb_firmware

siemens/scalance_m812-1_adsl-router_firmware

siemens/scalance_m816-1_adsl-router_firmware

siemens/scalance_m826-2_shdsl-router_firmware

siemens/scalance_m874-2_firmware

siemens/scalance_m874-3_firmware

siemens/scalance_m876-3_firmware

siemens/scalance_m876-4_firmware

... and 40 more

Published Dec 13, 2022

Tracked Since Feb 18, 2026