Vulnerabilities > Siemens > Scalance Sc622 2C Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-46140 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products
Affected devices use a weak encryption scheme to encrypt the debug zip file.
network
low complexity
siemens CWE-327
6.5
2022-12-13 CVE-2022-46142 Storing Passwords in a Recoverable Format vulnerability in Siemens products
Affected devices store the CLI user passwords encrypted in flash memory.
low complexity
siemens CWE-257
5.7
2022-12-13 CVE-2022-46143 Improper Validation of Specified Quantity in Input vulnerability in Siemens products
Affected devices do not check the TFTP blocksize correctly.
network
low complexity
siemens CWE-1284
2.7
2022-08-10 CVE-2022-36323 Unspecified vulnerability in Siemens products
Affected devices do not properly sanitize an input field.
network
low complexity
siemens
critical
9.1
2022-08-10 CVE-2022-36325 Unspecified vulnerability in Siemens products
Affected devices do not properly sanitize data introduced by an user when rendering the web interface.
network
low complexity
siemens
4.8
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5
2022-05-18 CVE-2022-30065 Use After Free vulnerability in multiple products
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
local
low complexity
busybox siemens CWE-416
7.8
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2021-10-18 CVE-2021-41991 Integer Overflow or Wraparound vulnerability in multiple products
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries.
network
low complexity
strongswan debian fedoraproject siemens CWE-190
7.5