Siemens Scalance Sc642-2C Firmware vulnerabilities

CVE-2022-46140 [HIGH] CWE-327 CVE-2022-46140: Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an aut Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

CVE-2022-46143 [MEDIUM] CWE-1284 CVE-2022-46143: Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attack Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

CVE-2022-46142 [MEDIUM] CWE-257 CVE-2022-46142: Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical acc Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

CVE-2022-36323 [HIGH] CWE-74 CVE-2022-36323: Affected devices do not properly sanitize an input field. This could allow an authenticated remote Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVE-2022-36325 [MEDIUM] CWE-80 CVE-2022-36325: Affected devices do not properly sanitize data introduced by an user when rendering the web interfac Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

CVE-2022-32205 [MEDIUM] CWE-770 CVE-2022-32205: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl a A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to av

CVE-2022-32206 [MEDIUM] CWE-770 CVE-2022-32206: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be c curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a

CVE-2022-30065 [HIGH] CWE-416 CVE-2022-30065: A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code executi A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

CVE-2018-25032 [HIGH] CWE-787 CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2021-25667 [HIGH] CWE-121 CVE-2021-25667: A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and = V4.3 and = V4.3 and = V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions