Siemens Scalance Sc642-2c
11 CVEs affecting Siemens Scalance Sc642-2c. Latest disclosed: 2026-05-12. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36323 | Critical | 9.1 | 2022-08-10 | Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or s… |
CVE-2022-31765 | High | 8.8 | 2022-10-11 | Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileg… |
CVE-2022-34821 | High | 7.6 | 2022-07-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6G… |
CVE-2025-40833 | High | 7.5 | 2026-05-12 | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause d… |
CVE-2022-36324 | High | 7.5 | 2022-08-10 | Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute fo… |
CVE-2022-36325 | Medium | 6.8 | 2022-08-10 | Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with a… |
CVE-2022-46144 | Medium | 6.5 | 2022-12-13 | A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2… |
CVE-2022-46140 | Medium | 6.5 | 2022-12-13 | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and… |
CVE-2022-46142 | Medium | 5.7 | 2022-12-13 | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the C… |
CVE-2025-23384 | Low | 3.7 | 2025-03-11 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2D… |
CVE-2022-46143 | Low | 2.7 | 2022-12-13 | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially co… |