Missing Encryption of Sensitive Data in Siemens SCALANCE W700 Product Family
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-47522 |
| CWE-ID | CWE-311 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
SCALANCE WUM766-1 (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WUM766-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 EEC (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 EEC (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W778-1 M12 EEC (USA) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W774-1 RJ45 (USA) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W734-1 RJ45 (USA) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W1748-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W788-2 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W788-2 M12 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W788-2 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W788-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W788-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W786-2IA RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W786-2 SFP Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W786-2 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W786-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W778-1 M12 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W778-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W774-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W774-1 M12 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W761-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W748-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W748-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W738-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W734-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W722-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W721-1 RJ45 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WUM763-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM763-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W1788-2IA M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W1788-2 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W1788-2 EEC M12 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE W1788-1 M12 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Missing Encryption of Sensitive Data
EUVDB-ID: #VU74346
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-47522
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way Wi-Fi devices manage transmit queues. A remote attacker can force the device to send traffic unencrypted by manipulating the transmit queues.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSCALANCE WUM766-1 (US): All versions
SCALANCE WUM766-1 (EU): All versions
SCALANCE WAM766-1 EEC (US): All versions
SCALANCE WAM766-1 EEC (EU): All versions
SCALANCE WAM766-1 (US): All versions
SCALANCE WAM766-1 (EU): All versions
SCALANCE W778-1 M12 EEC (USA): All versions
SCALANCE W774-1 RJ45 (USA): All versions
SCALANCE W734-1 RJ45 (USA): All versions
SCALANCE W1748-1 M12: All versions
SCALANCE W788-2 RJ45: All versions
SCALANCE W788-2 M12 EEC: All versions
SCALANCE W788-2 M12: All versions
SCALANCE W788-1 RJ45: All versions
SCALANCE W788-1 M12: All versions
SCALANCE W786-2IA RJ45: All versions
SCALANCE W786-2 SFP: All versions
SCALANCE W786-2 RJ45: All versions
SCALANCE W786-1 RJ45: All versions
SCALANCE W778-1 M12 EEC: All versions
SCALANCE W778-1 M12: All versions
SCALANCE W774-1 RJ45: All versions
SCALANCE W774-1 M12 EEC: All versions
SCALANCE W761-1 RJ45: All versions
SCALANCE W748-1 RJ45: All versions
SCALANCE W748-1 M12: All versions
SCALANCE W738-1 M12: All versions
SCALANCE W734-1 RJ45: All versions
SCALANCE W722-1 RJ45: All versions
SCALANCE W721-1 RJ45: All versions
SCALANCE WUM763-1: All versions
SCALANCE WAM763-1: All versions
SCALANCE W1788-2IA M12: All versions
SCALANCE W1788-2 M12: All versions
SCALANCE W1788-2 EEC M12: All versions
SCALANCE W1788-1 M12: All versions
CPE2.3- cpe:2.3:h:siemens:scalance_wum766-1_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wum766-1_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wam766-1_eec_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wam766-1_eec_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wam766-1_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wam766-1_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w778-1_m12_eec_usa:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w774-1_rj45_usa:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w734-1_rj45_usa:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w1748-1_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-2_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-2_m12_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-2_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-1_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-2ia_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-2_sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-2_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w778-1_m12_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w778-1_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w774-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w774-1_m12_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w761-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w748-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w748-1_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w738-1_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w734-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w722-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w721-1_rj45:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wum763-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_wam763-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w1788-2ia_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w1788-2_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w1788-2_eec_m12:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w1788-1_m12:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/txt/ssa-457702.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
