Vulnerabilites related to sick - rfu620-10503
cve-2022-46832
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-04-21 15:40
Severity ?
EPSS score ?
Summary
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sick.com/psirt |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK RFU62x Firmware |
Version: <v2.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.773Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sick.com/psirt", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46832", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-21T15:37:54.907631Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-21T15:40:10.356Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "SICK RFU62x Firmware", vendor: "n/a", versions: [ { status: "affected", version: "<v2.21", }, ], }, ], descriptions: [ { lang: "en", value: "Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00.000Z", orgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", shortName: "SICK AG", }, references: [ { url: "https://sick.com/psirt", }, ], }, }, cveMetadata: { assignerOrgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", assignerShortName: "SICK AG", cveId: "CVE-2022-46832", datePublished: "2022-12-13T00:00:00.000Z", dateReserved: "2022-12-08T00:00:00.000Z", dateUpdated: "2025-04-21T15:40:10.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-12-13 16:15
Modified
2025-04-21 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD03AE3A-955B-4290-A92F-C2CC0312B60A", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10100:-:*:*:*:*:*:*:*", matchCriteriaId: "3F073EEF-AFDF-4B3A-9DC0-09FE23BE68F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10101_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A2CEB85-FDC1-42A1-A4A0-AE64F1A323BB", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10101:-:*:*:*:*:*:*:*", matchCriteriaId: "5DF29A7F-7E29-4F5C-AD0C-5E8CECA6F8EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10102_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E47DAA07-241F-4597-895A-69DCA0F82B6A", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10102:-:*:*:*:*:*:*:*", matchCriteriaId: "2047D5DF-293E-4DEE-B453-8A78D9458E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10103_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5C6CD295-36C6-42E7-AEB8-DF069103A1DF", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10103:-:*:*:*:*:*:*:*", matchCriteriaId: "67411C6F-BA44-4788-855C-B9C052D10DDC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10104_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE9D24F0-6288-4CBE-BDC3-3B95FAF87328", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10104:-:*:*:*:*:*:*:*", matchCriteriaId: "8F09E013-48EF-4507-B143-2EC364D66BBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10105_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63AFD062-FF4E-41CB-9914-3C26A30E95A7", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10105:-:*:*:*:*:*:*:*", matchCriteriaId: "ABED4F7C-0C31-4A59-A98F-8C8CA4063B6A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10107_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C3CCC53-D886-4CD0-876D-0DE3CC2C955B", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10107:-:*:*:*:*:*:*:*", matchCriteriaId: "68CE728C-23DE-490F-BC89-A2D6B9A1D397", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10108_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "488BFDAA-76D2-4BB1-B148-B9130B99B6A5", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10108:-:*:*:*:*:*:*:*", matchCriteriaId: "E6B26F88-E573-4C9A-B74F-C1BF0FF5EAEC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10111_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E64AEC3F-0700-4ACC-BE6F-21B136A8756E", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10111:-:*:*:*:*:*:*:*", matchCriteriaId: "A210E87B-D753-44E9-89C0-4D0F095FF30F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10114_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3AED40CD-D15E-44F1-A489-04B30CB54975", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10114:-:*:*:*:*:*:*:*", matchCriteriaId: "D9D5DC2A-58C4-4C7D-B888-0A61468BA883", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10118_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFD007-696F-46C1-A1C6-3E8019E9566A", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10118:-:*:*:*:*:*:*:*", matchCriteriaId: "6CF06288-2C08-4E1E-B8A7-6011EC5C52DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "185E70E6-30DB-4C41-A7E5-7F726F8F2B8A", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10400:-:*:*:*:*:*:*:*", matchCriteriaId: "A0EED775-3161-4A47-BB88-D806141D6DE0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10401_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48CB8FBD-9A17-4131-9879-7E2C29F86ADD", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10401:-:*:*:*:*:*:*:*", matchCriteriaId: "74B801F7-9D09-4DAD-9CA4-E4A4BBBD0175", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "894E3115-4F8D-4D80-8D0E-29277B9BFDB2", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10500:-:*:*:*:*:*:*:*", matchCriteriaId: "99BA97F5-DC6A-401A-9E48-952FFF19F5AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FFBD0CA2-74E7-4978-8884-D06761C1DFF3", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10501:-:*:*:*:*:*:*:*", matchCriteriaId: "82D1071F-6E28-4F9D-8B6A-DDB046A3C8AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10503_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE721250-1226-45C7-90E3-1745F868F524", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10503:-:*:*:*:*:*:*:*", matchCriteriaId: "2E364F7C-5F72-47A8-A0C0-2AB9525F5FB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10504_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBA9CB27-E3F8-4EF2-A502-407418B119DA", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10504:-:*:*:*:*:*:*:*", matchCriteriaId: "589130D5-527C-4048-ACE4-6A538EE85ADC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10507_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F18D52F5-F7BE-45F9-9EE7-4BE4E7CF0888", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10507:-:*:*:*:*:*:*:*", matchCriteriaId: "D9736D69-5312-4139-9D7D-15E07FB6F7C5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10508_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B33FEA70-2630-4664-9A84-245F6FEF4EEF", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10508:-:*:*:*:*:*:*:*", matchCriteriaId: "CEC1D7E3-E1D9-40F1-BDCE-7A12B6FAB2B6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "322F06D7-7BD9-45D5-A814-F9E89C69DE7D", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10510:-:*:*:*:*:*:*:*", matchCriteriaId: "1DA7EFAE-1435-4333-9E9B-B8BF29133A17", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:rfu620-10514_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85BA6FA6-F7D9-4930-9869-3B24BA45298C", versionEndExcluding: "2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:rfu620-10514:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFE928E-2011-4F95-8A2F-69CD5D582BBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.", }, { lang: "es", value: "Uso de un algoritmo criptográfico defectuoso o riesgoso en la versión de firmware SICK RFU62x < 2.21 permite a un atacante remoto con pocos privilegios descifrar los datos cifrados si el usuario solicita que se utilicen conjuntos de cifrado débiles para el cifrado a través de la interfaz SSH. El parche y el procedimiento de instalación para la actualización del firmware están disponibles a través de la persona de contacto responsable con el cliente de SICK.", }, ], id: "CVE-2022-46832", lastModified: "2025-04-21T16:15:53.493", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-12-13T16:15:26.107", references: [ { source: "psirt@sick.de", tags: [ "Vendor Advisory", ], url: "https://sick.com/psirt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sick.com/psirt", }, ], sourceIdentifier: "psirt@sick.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "psirt@sick.de", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }