CVE-2022-46140 — Use of a Broken or Risky Cryptographic Algorithm in Siemens Ruggedcom Rm1224 LTE EU

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 75.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Rm1224 LTE EU Siemens Ruggedcom Rm1224 LTE NAM Siemens Scalance M804pb +96 more

Timeline

PublishedDec 13

Description

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages99 packages

▶CVEListV5siemens/scalance_xb208< V4.4

▶CVEListV5siemens/scalance_xb216< V4.4

▶CVEListV5siemens/scalance_xc208< V4.4

▶CVEListV5siemens/scalance_xc216< V4.4

▶CVEListV5siemens/scalance_xc224< V4.4

🔴Vulnerability Details

CVEList

CVE-2022-46140: Affected devices use a weak encryption scheme to encrypt the debug zip file↗2022-12-13

▶

GHSA

GHSA-39hc-9gp8-p9wh: Affected devices use a weak encryption scheme to encrypt the debug zip file↗2022-12-13

▶