Vulnerabilities > Siemens > Scalance Xm416 4C Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-46140 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products
Affected devices use a weak encryption scheme to encrypt the debug zip file.
network
low complexity
siemens CWE-327
6.5
2022-12-13 CVE-2022-46142 Storing Passwords in a Recoverable Format vulnerability in Siemens products
Affected devices store the CLI user passwords encrypted in flash memory.
low complexity
siemens CWE-257
5.7
2022-12-13 CVE-2022-46143 Improper Validation of Specified Quantity in Input vulnerability in Siemens products
Affected devices do not check the TFTP blocksize correctly.
network
low complexity
siemens CWE-1284
2.7
2022-08-10 CVE-2022-36323 Unspecified vulnerability in Siemens products
Affected devices do not properly sanitize an input field.
network
low complexity
siemens
critical
9.1
2022-08-10 CVE-2022-36324 Allocation of Resources Without Limits or Throttling vulnerability in Siemens products
Affected devices do not properly handle the renegotiation of SSL/TLS parameters.
network
low complexity
siemens CWE-770
7.5
2022-08-10 CVE-2022-36325 Unspecified vulnerability in Siemens products
Affected devices do not properly sanitize data introduced by an user when rendering the web interface.
network
low complexity
siemens
4.8
2022-06-14 CVE-2021-37182 Improper Validation of Integrity Check Value vulnerability in Siemens products
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5).
network
low complexity
siemens CWE-354
7.5
2021-05-12 CVE-2020-28393 Incorrect Calculation vulnerability in Siemens products
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets.
network
low complexity
siemens CWE-682
7.5