7.1

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quit the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface unresponsive.

Data provided by the National Vulnerability Database (NVD)
Siemens 6gk5622-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5622-2gs00-2ac2, Version -
Siemens 6gk5626-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5626-2gs00-2ac2, Version -
Siemens 6gk5632-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5632-2gs00-2ac2, Version -
Siemens 6gk5636-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5636-2gs00-2ac2, Version -
Siemens 6gk5642-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5642-2gs00-2ac2, Version -
Siemens 6gk5646-2gs00-2ac2 Firmware, Version >= 2.3 < 3.0
   Siemens 6gk5646-2gs00-2ac2, Version -
Siemens 6gk5622-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5622-2gs00-2ac2, Version -
Siemens 6gk5626-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5626-2gs00-2ac2, Version -
Siemens 6gk5632-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5632-2gs00-2ac2, Version -
Siemens 6gk5636-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5636-2gs00-2ac2, Version -
Siemens 6gk5642-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5642-2gs00-2ac2, Version -
Siemens 6gk5646-2gs00-2ac2 Firmware, Version < 2.3
   Siemens 6gk5646-2gs00-2ac2, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.611 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 7.1 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| productcert@siemens.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.