Vulnerabilites related to sick - visionary-s_cx
Vulnerability from fkie_nvd
Published
2021-06-28 12:15
Modified
2024-11-21 06:07
Severity ?
Summary
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | visionary-s_cx_firmware | * | |
| sick | visionary-s_cx | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:visionary-s_cx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "88B84A38-24C1-4AC0-8075-59891D947F8D", versionEndExcluding: "5.21.2.29154r", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:visionary-s_cx:-:*:*:*:*:*:*:*", matchCriteriaId: "0E46BE6B-3294-4E3A-92D8-18431F82E83D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.", }, { lang: "es", value: "SICK Visionary-S CX hasta la versión 5.21.2.29154R, son susceptibles a una vulnerabilidad de Fuerza de Encriptación Inadecuada relativa a la interfaz interna SSH utilizada únicamente por SICK para la recuperación de dispositivos devueltos. El uso de cifrados débiles facilita a un atacante rompa la seguridad que protege la información transmitida desde el cliente al servidor SSH, asumiendo que el atacante tenga acceso a la red en la que está conectado el dispositivo. Esto puede aumentar el riesgo de que la encriptación se vea comprometida, conllevando a la exposición de información confidencial del usuario y ataques de tipo man-in-the-middle", }, ], id: "CVE-2021-32496", lastModified: "2024-11-21T06:07:09.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-28T12:15:14.703", references: [ { source: "psirt@sick.de", tags: [ "Vendor Advisory", ], url: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", }, ], sourceIdentifier: "psirt@sick.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-32496
Vulnerability from cvelistv5
Published
2021-06-28 11:02
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK Visionary-S CX |
Version: <5.21.2.29154R |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:17:29.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SICK Visionary-S CX", vendor: "n/a", versions: [ { status: "affected", version: "<5.21.2.29154R", }, ], }, ], descriptions: [ { lang: "en", value: "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.", }, ], problemTypes: [ { descriptions: [ { description: "Inadequate SSH configuration in Visionary-S CX", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-28T11:02:32", orgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", shortName: "SICK AG", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@sick.de", ID: "CVE-2021-32496", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SICK Visionary-S CX", version: { version_data: [ { version_value: "<5.21.2.29154R", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Inadequate SSH configuration in Visionary-S CX", }, ], }, ], }, references: { reference_data: [ { name: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", refsource: "MISC", url: "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", assignerShortName: "SICK AG", cveId: "CVE-2021-32496", datePublished: "2021-06-28T11:02:32", dateReserved: "2021-05-10T00:00:00", dateUpdated: "2024-08-03T23:17:29.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }