Lucene search

K
cve[email protected]CVE-2022-27581
HistoryDec 13, 2022 - 4:15 p.m.

CVE-2022-27581

2022-12-1316:15:18
CWE-327
web.nvd.nist.gov
32
cve-2022-27581
sick rfu61x
firmware update
cryptographic algorithm

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Affected configurations

NVD
Node
sickrfu610-10600_firmwareRange<2.25
AND
sickrfu610-10600Match-
Node
sickrfu610-10601_firmwareRange<2.25
AND
sickrfu610-10601Match-
Node
sickrfu610-10603_firmwareRange<2.25
AND
sickrfu610-10603Match-
Node
sickrfu610-10604_firmwareRange<2.25
AND
sickrfu610-10604Match-
Node
sickrfu610-10605_firmwareRange<2.25
AND
sickrfu610-10605Match-
Node
sickrfu610-10607_firmwareRange<2.25
AND
sickrfu610-10607Match-
Node
sickrfu610-10609_firmwareRange<2.25
AND
sickrfu610-10609Match-
Node
sickrfu610-10610_firmwareRange<2.25
AND
sickrfu610-10610Match-
Node
sickrfu610-10613_firmwareRange<2.25
AND
sickrfu610-10613Match-
Node
sickrfu610-10614_firmwareRange<2.25
AND
sickrfu610-10614Match-
Node
sickrfu610-10618_firmwareRange<2.25
AND
sickrfu610-10618Match-
Node
sickrfu610-10700_firmwareRange<2.25
AND
sickrfu610-10700Match-

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "SICK RFU61x Firmware",
    "versions": [
      {
        "version": "<v2.25",
        "status": "affected"
      }
    ]
  }
]

References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

Related for CVE-2022-27581