CVE-2022-46143

LOW

TFTP - Memory Corruption

Title source: llm

Description

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

References (4)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-180704.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-413565.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Scores

CVSS v3 2.7

EPSS 0.0044

EPSS Percentile 63.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-1284

Status published

Products (50)

siemens/ruggedcom_rm1224_lte\(4g\)_eu_firmware

siemens/ruggedcom_rm1224_lte\(4g\)_nam_firmware

siemens/scalance_m804pb_firmware

siemens/scalance_m812-1_adsl-router_firmware

siemens/scalance_m816-1_adsl-router_firmware

siemens/scalance_m826-2_shdsl-router_firmware

siemens/scalance_m874-2_firmware

siemens/scalance_m874-3_firmware

siemens/scalance_m876-3_firmware

siemens/scalance_m876-4_firmware

... and 40 more

Published Dec 13, 2022

Tracked Since Feb 18, 2026