Lucene search

SICK AGCVE-2022-27582

HistoryNov 01, 2022 - 9:15 p.m.

CVE-2022-27582

2022-11-0121:15:11

CWE-306

SICK AG

web.nvd.nist.gov

cve-2022-27582

sick sim4000

ppc

partnumber 1078787

password recovery vulnerability

unprivileged remote attacker

privilege escalation

firmware vulnerability

system integrity

availability

nvd

security practices

firmware fix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.8%

JSON

Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.

Affected configurations

Nvd

Node

sicksim2000_firmwareRange<1.2.0

AND

sicksim2000Match-

Node

sicksim2000st_firmwareRange<1.2.0

AND

sicksim2000stMatch-

Node

sicksim2500_firmwareRange<1.2.0

AND

sicksim2500Match-

Node

sicksim1012_firmwareRange<2.2.0

AND

sicksim1012Match-

Node

sicksim1004Match-

AND

sicksim1004_firmwareRange<2.0.0

Node

sicksim1000_fxMatch-

AND

sicksim1000_fx_firmwareRange<1.6.0

Node

sicksim4000Match-

AND

sicksim4000_firmware

VendorProductVersionCPE
sicksim2000_firmware*cpe:2.3:o:sick:sim2000_firmware:*:*:*:*:*:*:*:*
sicksim2000-cpe:2.3:h:sick:sim2000:-:*:*:*:*:*:*:*
sicksim2000st_firmware*cpe:2.3:o:sick:sim2000st_firmware:*:*:*:*:*:*:*:*
sicksim2000st-cpe:2.3:h:sick:sim2000st:-:*:*:*:*:*:*:*
sicksim2500_firmware*cpe:2.3:o:sick:sim2500_firmware:*:*:*:*:*:*:*:*
sicksim2500-cpe:2.3:h:sick:sim2500:-:*:*:*:*:*:*:*
sicksim1012_firmware*cpe:2.3:o:sick:sim1012_firmware:*:*:*:*:*:*:*:*
sicksim1012-cpe:2.3:h:sick:sim1012:-:*:*:*:*:*:*:*
sicksim1004-cpe:2.3:h:sick:sim1004:-:*:*:*:*:*:*:*
sicksim1004_firmware*cpe:2.3:o:sick:sim1004_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	sim2000_firmware	*	cpe:2.3:o:sick:sim2000_firmware::::::::
sick	sim2000	-	cpe:2.3:h:sick:sim2000:-:::::::*
sick	sim2000st_firmware	*	cpe:2.3:o:sick:sim2000st_firmware::::::::
sick	sim2000st	-	cpe:2.3:h:sick:sim2000st:-:::::::*
sick	sim2500_firmware	*	cpe:2.3:o:sick:sim2500_firmware::::::::
sick	sim2500	-	cpe:2.3:h:sick:sim2500:-:::::::*
sick	sim1012_firmware	*	cpe:2.3:o:sick:sim1012_firmware::::::::
sick	sim1012	-	cpe:2.3:h:sick:sim1012:-:::::::*
sick	sim1004	-	cpe:2.3:h:sick:sim1004:-:::::::*
sick	sim1004_firmware	*	cpe:2.3:o:sick:sim1004_firmware::::::::

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "SICK SIM4000 (PPC)",
    "versions": [
      {
        "version": "Partnumber 1078787",
        "status": "affected"
      }
    ]
  }
]

References

sick.com/psirt

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

72.8%

JSON

Related for CVE-2022-27582