Siemens Scalance_sc626-2c_firmware
7 CVEs affecting Siemens Scalance_sc626-2c_firmware. Latest disclosed: 2022-12-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-30065 | High | 7.8 | 2022-05-18 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar fun… |
| CVE-2018-25032 | High | 7.5 | 2022-03-25 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
| CVE-2022-46140 | Medium | 6.5 | 2022-12-13 | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and… |
| CVE-2022-32206 | Medium | 6.5 | 2022-07-07 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different alg… |
| CVE-2022-46142 | Medium | 5.7 | 2022-12-13 | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the C… |
| CVE-2022-32205 | Medium | 4.3 | 2022-07-07 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large a… |
| CVE-2022-46143 | Low | 2.7 | 2022-12-13 | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially co… |