PT-2022-6083 · Siemens · Scalance Wam766-1+8
Published
2022-12-13
·
Updated
2025-01-14
·
CVE-2022-46144
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SCALANCE SC622-2C versions prior to V3.0
SCALANCE SC626-2C versions prior to V3.0
SCALANCE SC632-2C versions prior to V3.0
SCALANCE SC636-2C versions prior to V3.0
SCALANCE SC642-2C versions prior to V3.0
SCALANCE SC646-2C versions prior to V3.0
SCALANCE WAM763-1 versions prior to V2.0.0
SCALANCE WAM766-1 versions prior to V2.0.0
SCALANCE WAM766-1 (US) versions prior to V2.0.0
SCALANCE WAM766-1 EEC versions prior to V2.0.0
SCALANCE WAM766-1 EEC (US) versions prior to V2.0.0
SCALANCE WUM763-1 versions prior to V2.0.0
SCALANCE WUM766-1 versions prior to V2.0.0
SCALANCE WUM766-1 (USA) versions prior to V2.0.0
Description
The issue is related to insufficient control of resources during their lifetime in the SSH protocol implementation of the affected devices. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive after a user forcefully quits the SSH connection.
Recommendations
For SCALANCE SC622-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE SC626-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE SC632-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE SC636-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE SC642-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE SC646-2C versions prior to V3.0, update to version V3.0 or later.
For SCALANCE WAM763-1 versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WAM766-1 versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WAM766-1 (US) versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WAM766-1 EEC versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WAM766-1 EEC (US) versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WUM763-1 versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WUM766-1 versions prior to V2.0.0, update to version V2.0.0 or later.
For SCALANCE WUM766-1 (USA) versions prior to V2.0.0, update to version V2.0.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Scalance Sc622-2C
Scalance Sc626-2C
Scalance Sc632-2C
Scalance Sc636-2C
Scalance Sc642-2C
Scalance Sc646-2C
Scalance Wam763-1
Scalance Wam766-1
Scalance Wam766-1 Eec