Lucene search

[email protected]NVD:CVE-2022-43990

HistoryNov 01, 2022 - 9:15 p.m.

CVE-2022-43990

2022-11-0121:15:12

CWE-306

[email protected]

web.nvd.nist.gov

vulnerability

sick sim1012

firmware

remote attacker

elevated privileges

system security

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

50.2%

JSON

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).

Affected configurations

Nvd

Node

sicksim1012-0p0g200_firmwareRange<2.2.0

AND

sicksim1012-0p0g200Match-

VendorProductVersionCPE
sicksim1012-0p0g200_firmware*cpe:2.3:o:sick:sim1012-0p0g200_firmware:*:*:*:*:*:*:*:*
sicksim1012-0p0g200-cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	sim1012-0p0g200_firmware	*	cpe:2.3:o:sick:sim1012-0p0g200_firmware::::::::
sick	sim1012-0p0g200	-	cpe:2.3:h:sick:sim1012-0p0g200:-:::::::*

References

sick.com/psirt

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

50.2%

JSON

Related for NVD:CVE-2022-43990

cve1 prion1 cvelist1