CVE-2022-46144

{"id": "CVE-2022-46144", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2022-12-13T16:15:25.200", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-664"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE SC622-2C (Todas las versiones &lt; V2.3), \nSCALANCE SC622-2C (Todas las versiones &gt;= 2.3 &lt; V3.0), \nSCALANCE SC626-2C (Todas las versiones &lt; V2.3 ), \nSCALANCE SC626-2C (Todas las versiones &gt;= 2.3 &lt; V3.0), \nSCALANCE SC632-2C (Todas las versiones &lt; V2.3), \nSCALANCE SC632-2C (Todas las versiones &gt;= 2.3 &lt; V3.0 ), \nSCALANCE SC636-2C (Todas las versiones &lt; V2.3), \nSCALANCE SC636-2C (Todas las versiones &gt;= 2.3 &lt; V3.0), \nSCALANCE SC642-2C (Todas las versiones &lt; V2.3), \nSCALANCE SC642 -2C (Todas las versiones &gt;= 2.3 &lt; V3.0), \nSCALANCE SC646-2C (Todas las versiones &lt; V2.3), \nSCALANCE SC646-2C (Todas las versiones &gt;= 2.3 &lt; V3.0). \nLos dispositivos afectados no procesan correctamente los comandos de la Interfaz de L\u00ednea de Comandos (CLI) despu\u00e9s de que un usuario abandon\u00f3 por la fuerza la conexi\u00f3n SSH. Esto podr\u00eda permitir que un atacante autenticado haga que la Interfaz de L\u00ednea de Comandos (CLI) a trav\u00e9s de SSH o la interfaz serie no responda."}], "lastModified": "2025-01-14T11:15:12.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5622-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5126C71-4E23-470A-BDD9-E455E5BC645C", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5622-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12FE7784-D59A-4E1E-8551-06CCFED772E4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5626-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5CB015-BBE7-4D22-A2DD-692D107005AA", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5626-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "990EB0C2-0B61-4C6D-92FE-BFAC8E6FF7D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5632-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E967C6E7-943B-4249-86F9-BF17C00161DB", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5632-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C64B24A5-BC52-4812-80BA-3F183641782F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5636-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE7993B0-E74F-46FA-83D5-DB29BCA7AD76", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5636-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E5F0040-9B10-4E6B-85AE-E4D04CFC42D0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5642-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F8CBBC5-960B-4A41-8470-E6E58EFACF0C", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5642-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "900B67C4-DC4D-47FC-9F5A-E53A23398C95"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5646-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3CEFD91-BD2A-468E-A5E8-4B1EB30D3A45", "versionEndExcluding": "3.0", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5646-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2743D36E-2DEC-4250-B1B2-F1009A47590E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5622-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028A3918-521C-4AF6-AC54-EDBA7805F43B", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5622-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12FE7784-D59A-4E1E-8551-06CCFED772E4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5626-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BE1CF07-0D43-4AC2-9733-1D3C01E0D504", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5626-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "990EB0C2-0B61-4C6D-92FE-BFAC8E6FF7D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5632-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0BF8D49-DB9D-4313-969E-7227D31D03B2", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5632-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C64B24A5-BC52-4812-80BA-3F183641782F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5636-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9373F5DA-412B-4801-9CB2-8D49125EA21A", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5636-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E5F0040-9B10-4E6B-85AE-E4D04CFC42D0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5642-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D867739D-E78A-4F4B-964F-3D355BC575E5", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5642-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "900B67C4-DC4D-47FC-9F5A-E53A23398C95"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5646-2gs00-2ac2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A5F8C7B-305B-4ADA-B9C1-B38F336927CB", "versionEndExcluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5646-2gs00-2ac2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2743D36E-2DEC-4250-B1B2-F1009A47590E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}