CVE-2022-46142 — Storing Passwords in a Recoverable Format in Siemens Ruggedcom Rm1224 LTE EU

CWE-257 — Storing Passwords in a Recoverable Format CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.2MEDIUMNVD

EPSS

0.1%

top 74.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Rm1224 LTE EU Siemens Ruggedcom Rm1224 LTE NAM Siemens Scalance M804pb +96 more

Timeline

PublishedDec 13

Description

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages99 packages

▶CVEListV5siemens/scalance_xb208< V4.4

▶CVEListV5siemens/scalance_xb216< V4.4

▶CVEListV5siemens/scalance_xc208< V4.4

▶CVEListV5siemens/scalance_xc216< V4.4

▶CVEListV5siemens/scalance_xc224< V4.4

🔴Vulnerability Details

GHSA

GHSA-3m3j-3mx3-jmxc: Affected devices store the CLI user passwords encrypted in flash memory↗2022-12-13

▶

CVEList

CVE-2022-46142: Affected devices store the CLI user passwords encrypted in flash memory↗2022-12-13

▶