Strix
26.1K

CVE-2022-46140

HIGHCVSS 7.1/10EPSS 0.23%

Last modified

CVE-2022-46140 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0
7.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.23%

14.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SiemensRuggedcom Rm1224 Lte\(4g\) Eu FirmwareAll versions
SiemensRuggedcom Rm1224 Lte\(4g\) Nam FirmwareAll versions
SiemensScalance M804pb FirmwareAll versions
SiemensScalance M812-1 Adsl-Router FirmwareAll versions
SiemensScalance M816-1 Adsl-Router FirmwareAll versions
SiemensScalance M826-2 Shdsl-Router FirmwareAll versions
SiemensScalance M874-2 FirmwareAll versions
SiemensScalance M874-3 FirmwareAll versions
SiemensScalance M876-3 FirmwareAll versions
SiemensScalance M876-4 FirmwareAll versions
SiemensScalance Mum853-1 FirmwareAll versions
SiemensScalance Mum856-1 FirmwareAll versions
SiemensScalance S615 FirmwareAll versions
SiemensScalance S615 Eec FirmwareAll versions
SiemensScalance Sc622-2c Firmware< 2.3
SiemensScalance Sc626-2c Firmware< 2.3
SiemensScalance Sc632-2c Firmware< 2.3
SiemensScalance Sc636-2c Firmware< 2.3
SiemensScalance Sc642-2c Firmware< 2.3
SiemensScalance Sc646-2c Firmware< 2.3
SiemensScalance W721-1 Rj45 FirmwareAll versions
SiemensScalance W722-1 Rj45 FirmwareAll versions
SiemensScalance W734-1 Rj45 FirmwareAll versions
SiemensScalance W738-1 M12 FirmwareAll versions
SiemensScalance W748-1 M12 FirmwareAll versions
SiemensScalance W761-1 Rj45 FirmwareAll versions
SiemensScalance W774-1 M12 Eec FirmwareAll versions
SiemensScalance W774-1 M12 Rj45 FirmwareAll versions
SiemensScalance W774-1 Rj45 FirmwareAll versions
SiemensScalance W778-1 M12 FirmwareAll versions
SiemensScalance W778-1 M12 Eec FirmwareAll versions
SiemensScalance W786-1 Rj45 FirmwareAll versions
SiemensScalance W786-2 Rj45 FirmwareAll versions
SiemensScalance W786-2 Sfp FirmwareAll versions
SiemensScalance W786-2ia Rj45 FirmwareAll versions
SiemensScalance W788-1 M12 FirmwareAll versions
SiemensScalance W788-1 Rj45 FirmwareAll versions
SiemensScalance W788-2 M12 FirmwareAll versions
SiemensScalance W788-2 M12 Eec FirmwareAll versions
SiemensScalance W1748-1 M12 FirmwareAll versions
SiemensScalance W1788-1 M12 FirmwareAll versions
SiemensScalance W1788-2 Eec M12 FirmwareAll versions
SiemensScalance W1788-2 M12 FirmwareAll versions
SiemensScalance W1788-2ia M12 FirmwareAll versions
SiemensScalance Wam763-1 FirmwareAll versions
SiemensScalance Wam766-1 FirmwareAll versions
SiemensScalance Wam766-1 6ghz FirmwareAll versions
SiemensScalance Wam766-1 Ecc FirmwareAll versions
SiemensScalance Wum763-1 FirmwareAll versions
SiemensScalance Wum766-1 FirmwareAll versions

Showing 50 of 101 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-46140?
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
How severe is CVE-2022-46140?
CVE-2022-46140 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.
How do I fix CVE-2022-46140?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-46140?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST