VYPR

Scalance W1748

by Siemens Foundation

CVEs (4)

  • CVE-2022-46140Dec 13, 2022
    risk 0.00cvss epss 0.00

    Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

  • CVE-2022-46143Dec 13, 2022
    risk 0.00cvss epss 0.01

    Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

  • CVE-2022-46142Dec 13, 2022
    risk 0.00cvss epss 0.00

    Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

  • CVE-2020-28400Jul 13, 2021
    risk 0.00cvss epss 0.02

    Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.