FKIE_CVE-2022-46144
Vulnerability from fkie_nvd - Published: 2022-12-13 16:15 - Updated: 2025-01-14 11:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5622-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5126C71-4E23-470A-BDD9-E455E5BC645C",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5622-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12FE7784-D59A-4E1E-8551-06CCFED772E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5626-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5CB015-BBE7-4D22-A2DD-692D107005AA",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5626-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "990EB0C2-0B61-4C6D-92FE-BFAC8E6FF7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5632-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E967C6E7-943B-4249-86F9-BF17C00161DB",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5632-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B24A5-BC52-4812-80BA-3F183641782F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5636-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7993B0-E74F-46FA-83D5-DB29BCA7AD76",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5636-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5F0040-9B10-4E6B-85AE-E4D04CFC42D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5642-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CBBC5-960B-4A41-8470-E6E58EFACF0C",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5642-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "900B67C4-DC4D-47FC-9F5A-E53A23398C95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5646-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CEFD91-BD2A-468E-A5E8-4B1EB30D3A45",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5646-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2743D36E-2DEC-4250-B1B2-F1009A47590E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5622-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "028A3918-521C-4AF6-AC54-EDBA7805F43B",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5622-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12FE7784-D59A-4E1E-8551-06CCFED772E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5626-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE1CF07-0D43-4AC2-9733-1D3C01E0D504",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5626-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "990EB0C2-0B61-4C6D-92FE-BFAC8E6FF7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5632-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF8D49-DB9D-4313-969E-7227D31D03B2",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5632-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B24A5-BC52-4812-80BA-3F183641782F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5636-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9373F5DA-412B-4801-9CB2-8D49125EA21A",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5636-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5F0040-9B10-4E6B-85AE-E4D04CFC42D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5642-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D867739D-E78A-4F4B-964F-3D355BC575E5",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5642-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "900B67C4-DC4D-47FC-9F5A-E53A23398C95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5646-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5F8C7B-305B-4ADA-B9C1-B38F336927CB",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5646-2gs00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2743D36E-2DEC-4250-B1B2-F1009A47590E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions \u003c V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions \u003c V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions \u003c V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions \u003c V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions \u003c V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions \u003c V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions \u003c V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions \u003c V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions \u003c V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions \u003c V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE SC622-2C (Todas las versiones \u0026lt; V2.3), \nSCALANCE SC622-2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0), \nSCALANCE SC626-2C (Todas las versiones \u0026lt; V2.3 ), \nSCALANCE SC626-2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0), \nSCALANCE SC632-2C (Todas las versiones \u0026lt; V2.3), \nSCALANCE SC632-2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0 ), \nSCALANCE SC636-2C (Todas las versiones \u0026lt; V2.3), \nSCALANCE SC636-2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0), \nSCALANCE SC642-2C (Todas las versiones \u0026lt; V2.3), \nSCALANCE SC642 -2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0), \nSCALANCE SC646-2C (Todas las versiones \u0026lt; V2.3), \nSCALANCE SC646-2C (Todas las versiones \u0026gt;= 2.3 \u0026lt; V3.0). \nLos dispositivos afectados no procesan correctamente los comandos de la Interfaz de L\u00ednea de Comandos (CLI) despu\u00e9s de que un usuario abandon\u00f3 por la fuerza la conexi\u00f3n SSH. Esto podr\u00eda permitir que un atacante autenticado haga que la Interfaz de L\u00ednea de Comandos (CLI) a trav\u00e9s de SSH o la interfaz serie no responda."
}
],
"id": "CVE-2022-46144",
"lastModified": "2025-01-14T11:15:12.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Primary"
}
]
},
"published": "2022-12-13T16:15:25.200",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…