SICK AGCVE-2022-46833CVE-2022-46833
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
41.7%
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sick | rfu630-04100_firmware | * | cpe:2.3:o:sick:rfu630-04100_firmware:*:*:*:*:*:*:*:* |
| sick | rfu630-04100 | - | cpe:2.3:h:sick:rfu630-04100:-:*:*:*:*:*:*:* |
| sick | rfu630-04100s01_firmware | * | cpe:2.3:o:sick:rfu630-04100s01_firmware:*:*:*:*:*:*:*:* |
| sick | rfu630-04100s01 | - | cpe:2.3:h:sick:rfu630-04100s01:-:*:*:*:*:*:*:* |
| sick | rfu630-04101_firmware | * | cpe:2.3:o:sick:rfu630-04101_firmware:*:*:*:*:*:*:*:* |
| sick | rfu630-04101 | - | cpe:2.3:h:sick:rfu630-04101:-:*:*:*:*:*:*:* |
| sick | rfu630-04102_firmware | * | cpe:2.3:o:sick:rfu630-04102_firmware:*:*:*:*:*:*:*:* |
| sick | rfu630-04102 | - | cpe:2.3:h:sick:rfu630-04102:-:*:*:*:*:*:*:* |
| sick | rfu630-04103_firmware | * | cpe:2.3:o:sick:rfu630-04103_firmware:*:*:*:*:*:*:*:* |
| sick | rfu630-04103 | - | cpe:2.3:h:sick:rfu630-04103:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "SICK RFU63x Firmware",
"versions": [
{
"version": "<v2.21",
"status": "affected"
}
]
}
]References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
41.7%