CVE-2022-46142

MEDIUM

Affected Devices - Info Disclosure

Title source: llm

Description

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

References (2)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-413565.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Scores

CVSS v3 5.7

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Classification

CWE

CWE-522 CWE-257

Status published

Affected Products (50)

siemens/ruggedcom_rm1224_lte\(4g\)_eu_firmware

siemens/ruggedcom_rm1224_lte\(4g\)_nam_firmware

siemens/scalance_m804pb_firmware

siemens/scalance_m812-1_adsl-router_firmware

siemens/scalance_m816-1_adsl-router_firmware

siemens/scalance_m826-2_shdsl-router_firmware

siemens/scalance_m874-2_firmware

siemens/scalance_m874-3_firmware

siemens/scalance_m876-3_firmware

siemens/scalance_m876-4_firmware

siemens/scalance_mum853-1_firmware

siemens/scalance_mum856-1_firmware

siemens/scalance_s615_firmware

siemens/scalance_s615_eec_firmware

siemens/scalance_sc622-2c_firmware < 2.3

... and 35 more

Timeline

Published Dec 13, 2022

Tracked Since Feb 18, 2026