CVE-2022-46143

CWE-12846 documents5 sources

Severity

5.1MEDIUM

EPSS

0.4%

top 38.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

137

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +134 more

Timeline

PublishedDec 13

Latest updateDec 4

Description

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages137 packages

▶CVEListV5siemens/scalance_xc208< V4.4

▶CVEListV5siemens/scalance_xc216< V4.4

▶CVEListV5siemens/scalance_xc224< V4.4

▶CVEListV5siemens/scalance_xf204< V4.4

▶CVEListV5siemens/scalance_xp208< V4.4

🔴Vulnerability Details

OSV

mame vulnerabilities↗2025-12-04

▶

GHSA

GHSA-v7cj-vm62-r38r: Affected devices do not check the TFTP blocksize correctly↗2022-12-13

▶

CVEList

CVE-2022-46143: Affected devices do not check the TFTP blocksize correctly↗2022-12-13

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶