CVE-2022-46144

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.

Se ha identificado una vulnerabilidad en:
SCALANCE SC622-2C (Todas las versiones < V2.3),
SCALANCE SC622-2C (Todas las versiones >= 2.3 < V3.0),
SCALANCE SC626-2C (Todas las versiones < V2.3 ),
SCALANCE SC626-2C (Todas las versiones >= 2.3 < V3.0),
SCALANCE SC632-2C (Todas las versiones < V2.3),
SCALANCE SC632-2C (Todas las versiones >= 2.3 < V3.0 ),
SCALANCE SC636-2C (Todas las versiones < V2.3),
SCALANCE SC636-2C (Todas las versiones >= 2.3 < V3.0),
SCALANCE SC642-2C (Todas las versiones < V2.3),
SCALANCE SC642 -2C (Todas las versiones >= 2.3 < V3.0),
SCALANCE SC646-2C (Todas las versiones < V2.3),
SCALANCE SC646-2C (Todas las versiones >= 2.3 < V3.0).
Los dispositivos afectados no procesan correctamente los comandos de la Interfaz de Línea de Comandos (CLI) después de que un usuario abandonó por la fuerza la conexión SSH. Esto podría permitir que un atacante autenticado haga que la Interfaz de Línea de Comandos (CLI) a través de SSH o la interfaz serie no responda.

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.

*Credits: N/A

CVSS Scores

Siemens AGv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-28 CVE Reserved
2022-12-13 CVE Published
2024-08-03 EPSS Updated
2024-09-10 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-664: Improper Control of a Resource Through its Lifetime

CAPEC

References (3)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/html/ssa-413565.html
https://cert-portal.siemens.com/productcert/html/ssa-690517.html

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	2023-10-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	6gk5622-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5622-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5622-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5622-2gs00-2ac2 Search vendor "Siemens" for product "6gk5622-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5626-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5626-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5626-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5626-2gs00-2ac2 Search vendor "Siemens" for product "6gk5626-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5632-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5632-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5632-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5632-2gs00-2ac2 Search vendor "Siemens" for product "6gk5632-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5636-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5636-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5636-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5636-2gs00-2ac2 Search vendor "Siemens" for product "6gk5636-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5642-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5642-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5642-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5642-2gs00-2ac2 Search vendor "Siemens" for product "6gk5642-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5646-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5646-2gs00-2ac2 Firmware"	>= 2.3 < 3.0 Search vendor "Siemens" for product "6gk5646-2gs00-2ac2 Firmware" and version " >= 2.3 < 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5646-2gs00-2ac2 Search vendor "Siemens" for product "6gk5646-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5622-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5622-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5622-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5622-2gs00-2ac2 Search vendor "Siemens" for product "6gk5622-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5626-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5626-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5626-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5626-2gs00-2ac2 Search vendor "Siemens" for product "6gk5626-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5632-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5632-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5632-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5632-2gs00-2ac2 Search vendor "Siemens" for product "6gk5632-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5636-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5636-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5636-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5636-2gs00-2ac2 Search vendor "Siemens" for product "6gk5636-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5642-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5642-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5642-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5642-2gs00-2ac2 Search vendor "Siemens" for product "6gk5642-2gs00-2ac2"	-	-	Safe
Siemens Search vendor "Siemens"	6gk5646-2gs00-2ac2 Firmware Search vendor "Siemens" for product "6gk5646-2gs00-2ac2 Firmware"	< 2.3 Search vendor "Siemens" for product "6gk5646-2gs00-2ac2 Firmware" and version " < 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	6gk5646-2gs00-2ac2 Search vendor "Siemens" for product "6gk5646-2gs00-2ac2"	-	-	Safe