Skip to main content

Ruggedcom Rm1224 Lte 4G Eu Firmware CVE-2022-46143

MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2022-12-13 productcert@siemens.com
Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware Scalance M816 1 Adsl Router Firmware Scalance M826 2 Shdsl Router Firmware Scalance M874 2 Firmware Scalance M874 3 Firmware Scalance M876 3 Firmware Scalance M876 4 Firmware Scalance Mum853 1 Firmware Scalance Mum856 1 Firmware Scalance S615 Firmware Scalance S615 Eec Firmware Scalance Sc622 2C Firmware Scalance Sc626 2C Firmware Scalance Sc632 2C Firmware Scalance Sc636 2C Firmware Scalance Sc642 2C Firmware Scalance Sc646 2C Firmware Scalance W721 1 Rj45 Firmware Scalance W722 1 Rj45 Firmware Scalance W734 1 Rj45 Firmware Scalance W738 1 M12 Firmware Scalance W748 1 M12 Firmware Scalance W761 1 Rj45 Firmware Scalance W774 1 M12 Eec Firmware Scalance W774 1 M12 Rj45 Firmware Scalance W774 1 Rj45 Firmware Scalance W778 1 M12 Firmware Scalance W778 1 M12 Eec Firmware Scalance W786 1 Rj45 Firmware Scalance W786 2 Rj45 Firmware Scalance W786 2 Sfp Firmware Scalance W786 2Ia Rj45 Firmware Scalance W788 1 M12 Firmware Scalance W788 1 Rj45 Firmware Scalance W788 2 M12 Firmware Scalance W788 2 M12 Eec Firmware Scalance W1748 1 M12 Firmware Scalance W1788 1 M12 Firmware Scalance W1788 2 Eec M12 Firmware Scalance W1788 2 M12 Firmware Scalance W1788 2Ia M12 Firmware Scalance Wam763 1 Firmware Scalance Wam766 1 Firmware Scalance Wam766 1 6Ghz Firmware Scalance Wam766 1 Ecc Firmware Scalance Wum763 1 Firmware Scalance Wum766 1 Firmware Scalance Wum766 1 6Ghz Firmware Scalance Xb205 3 Firmware Scalance Xb205 3Ld Firmware Scalance Xb208 Firmware Scalance Xb213 3 Firmware Scalance Xb213 3Ld Firmware Scalance Xb216 Firmware Scalance Xc206 2 Firmware Scalance Xc206 2G Poe Firmware Scalance Xc206 2G Poe Eec Firmware Scalance Xc206 2Sfp Firmware Scalance Xc206 2Sfp Eec Firmware Scalance Xc206 2Sfp G Firmware Scalance Xc206 2Sfp G Eec Firmware Scalance Xc208 Firmware Scalance Xc208 Eec Firmware Scalance Xc208 Poe Firmware Scalance Xc216 Firmware Scalance Xc216 3G Poe Firmware Scalance Xc216 4C Firmware Scalance Xc216 4C G Firmware Scalance Xc216 4C G Eec Firmware Scalance Xc216Eec Firmware Scalance Xc224 Firmware Scalance Xc224 4C G Firmware Scalance Xc224 4C G Eec Firmware Scalance Xf204 Firmware Scalance Xf204 Dna Firmware Scalance Xf204 2Ba Firmware Scalance Xf204 2Bca Dna Firmware Scalance Xm408 4C Firmware Scalance Xm408 8C Firmware Scalance Xm416 4C Firmware Scalance Xp208 Firmware Scalance Xp208Eec Firmware Scalance Xp208Poe Eec Firmware Scalance Xp216 Firmware Scalance Xp216Eec Firmware Scalance Xp216Poe Eec Firmware Scalance Xr324Wg Firmware Scalance Xr326 2C Firmware Scalance Xr326 2C Poe Firmware Scalance Xr328 4C Wg Firmware Scalance Xr524 8C Firmware Scalance Xr526 8C Firmware Scalance Xr528 6M Firmware Scalance Xr552 12M Firmware Siplus Net Scalance Xc206 2 Firmware Siplus Net Scalance Xc206 2Sfp Firmware Siplus Net Scalance Xc208 Firmware Siplus Net Scalance Xc216 4C Firmware
5.1
CVSS 4.0 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 13, 2022 - 16:15 cve.org
MEDIUM 5.1

DescriptionCVE.org

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

AnalysisAI

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1284. Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. Affected products include: Siemens Ruggedcom Rm1224 Lte\(4G\) Eu Firmware, Siemens Ruggedcom Rm1224 Lte\(4G\) Nam Firmware, Siemens Scalance M804Pb Firmware, Siemens Scalance M812-1 Adsl-Router Firmware, Siemens Scalance M816-1 Adsl-Router Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-50572 HIGH
8.6 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

CVE-2024-50557 HIGH
8.6 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

CVE-2024-41976 HIGH
8.6 Aug 13

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM

CVE-2024-41977 HIGH
7.3 Aug 13

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM

CVE-2024-41978 HIGH
7.1 Aug 13

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM

CVE-2022-46140 HIGH
7.1 Dec 13

Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulner

CVE-2024-50558 MEDIUM
5.3 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

CVE-2022-46142 MEDIUM
5.2 Dec 13

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerab

CVE-2024-50561 MEDIUM
5.1 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

CVE-2024-50559 MEDIUM
5.1 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

CVE-2024-50560 LOW
2.3 Nov 12

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM

Share

CVE-2022-46143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy