Lucene search

[email protected]NVD:CVE-2022-27586

HistoryNov 01, 2022 - 9:15 p.m.

CVE-2022-27586

2022-11-0121:15:11

CWE-306

[email protected]

web.nvd.nist.gov

sick

sim1004

partnumber

firmware

vulnerability

password recovery

userlevel

remote attacker

privileges

system

confidentiality

integrity

availability

update

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.8%

JSON

Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).

Affected configurations

NVD

Node

sicksim1004-0p0g311_firmwareRange<2.0.0

AND

sicksim1004-0p0g311Match-

References

sick.com/psirt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for NVD:CVE-2022-27586

cve1 cvelist1 prion1