Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-27586
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK SIM1004 |
Version: Partnumber 1098148 with firmware version < 2.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sick.com/psirt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SICK SIM1004", vendor: "n/a", versions: [ { status: "affected", version: "Partnumber 1098148 with firmware version < 2.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-16T00:00:00", orgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", shortName: "SICK AG", }, references: [ { url: "https://sick.com/psirt", }, ], }, }, cveMetadata: { assignerOrgId: "a6863dd2-93fc-443d-bef1-79f0b5020988", assignerShortName: "SICK AG", cveId: "CVE-2022-27586", datePublished: "2022-11-01T00:00:00", dateReserved: "2022-03-21T00:00:00", dateUpdated: "2024-08-03T05:32:59.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-27586\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2022-11-01T21:15:11.743\",\"lastModified\":\"2024-11-21T06:55:59.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de recuperación de contraseña en SICK SIM1004 Partnumber 1098148 con versión de firmware <2.0.0, permite a un atacante remoto sin privilegios obtener acceso al nivel de usuario definido como RecoverableUserLevel invocando el método del mecanismo de recuperación de contraseña. Esto conduce a un aumento de sus privilegios en el sistema y, por lo tanto, afecta la integridad de la confidencialidad y la disponibilidad del sistema. Un atacante puede esperar un éxito repetible si explota la vulnerabilidad. La solución recomendada es actualizar el firmware a una versión >= 2.0.0 lo antes posible (disponible en el Portal de Soporte de SICK).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:sim1004-0p0g311_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.0\",\"matchCriteriaId\":\"B9760A0A-E58A-40AD-BA19-96B433ACC9D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:sim1004-0p0g311:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29C598EF-821E-4359-B8DA-786F7ED4F704\"}]}]}],\"references\":[{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
gsd-2022-27586
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).
Aliases
Aliases
{ GSD: { alias: "CVE-2022-27586", id: "GSD-2022-27586", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-27586", ], details: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", id: "GSD-2022-27586", modified: "2023-12-13T01:19:40.689929Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@sick.de", ID: "CVE-2022-27586", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SICK SIM1004", version: { version_data: [ { version_value: "Partnumber 1098148 with firmware version < 2.0.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-306", }, ], }, ], }, references: { reference_data: [ { name: "https://sick.com/psirt", refsource: "MISC", url: "https://sick.com/psirt", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sick:sim1004-0p0g311_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sick:sim1004-0p0g311:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@sick.de", ID: "CVE-2022-27586", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-306", }, ], }, ], }, references: { reference_data: [ { name: "https://sick.com/psirt", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://sick.com/psirt", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2023-03-31T16:11Z", publishedDate: "2022-11-01T21:15Z", }, }, }
fkie_cve-2022-27586
Vulnerability from fkie_nvd
Published
2022-11-01 21:15
Modified
2024-11-21 06:55
Severity ?
Summary
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | sim1004-0p0g311_firmware | * | |
| sick | sim1004-0p0g311 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sick:sim1004-0p0g311_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B9760A0A-E58A-40AD-BA19-96B433ACC9D4", versionEndExcluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sick:sim1004-0p0g311:-:*:*:*:*:*:*:*", matchCriteriaId: "29C598EF-821E-4359-B8DA-786F7ED4F704", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, { lang: "es", value: "Vulnerabilidad de recuperación de contraseña en SICK SIM1004 Partnumber 1098148 con versión de firmware <2.0.0, permite a un atacante remoto sin privilegios obtener acceso al nivel de usuario definido como RecoverableUserLevel invocando el método del mecanismo de recuperación de contraseña. Esto conduce a un aumento de sus privilegios en el sistema y, por lo tanto, afecta la integridad de la confidencialidad y la disponibilidad del sistema. Un atacante puede esperar un éxito repetible si explota la vulnerabilidad. La solución recomendada es actualizar el firmware a una versión >= 2.0.0 lo antes posible (disponible en el Portal de Soporte de SICK).", }, ], id: "CVE-2022-27586", lastModified: "2024-11-21T06:55:59.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-01T21:15:11.743", references: [ { source: "psirt@sick.de", tags: [ "Vendor Advisory", ], url: "https://sick.com/psirt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sick.com/psirt", }, ], sourceIdentifier: "psirt@sick.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "psirt@sick.de", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
SCA-2022-0013
Vulnerability from csaf_sick
Published
2022-10-21 13:00
Modified
2022-11-04 14:00
Summary
Password recovery vulnerability affects multiple SICK SIMs
Notes
SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism.
It is possible for an unprivileged, remote user to invocate the password recovery mechanism without the needed authentication rights to gain access to the userlevel "RecoverableUserLevel" and thereby increasing their privileges on the system.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en-US", notes: [ { category: "summary", text: "SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a \"Missing Authentication for Critical Function\" vulnerability and results from a mishandling of access to a password recovery mechanism. \nIt is possible for an unprivileged, remote user to invocate the password recovery mechanism without the needed authentication rights to gain access to the userlevel \"RecoverableUserLevel\" and thereby increasing their privileges on the system. \n", }, { category: "general", text: "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", title: "General Security Measures", }, { category: "general", text: "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", title: "Vulnerability Classification", }, ], publisher: { category: "vendor", contact_details: "psirt@sick.de", issuing_authority: "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", name: "SICK PSIRT", namespace: "https://sick.com/psirt", }, references: [ { summary: "SICK PSIRT Security Advisories", url: "https://sick.com/psirt", }, { summary: "SICK Operating Guidelines", url: "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", }, { summary: "ICS-CERT recommended practices on Industrial Security", url: "http://ics-cert.us-cert.gov/content/recommended-practices", }, { summary: "CVSS v3.1 Calculator", url: "https://www.first.org/cvss/calculator/3.1", }, { category: "self", summary: "The canonical URL.", url: "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0013.json", }, ], title: "Password recovery vulnerability affects multiple SICK SIMs", tracking: { current_release_date: "2022-11-04T14:00:00.000Z", generator: { date: "2023-02-10T10:07:22.817Z", engine: { name: "Secvisogram", version: "2.0.0", }, }, id: "SCA-2022-0013", initial_release_date: "2022-10-21T13:00:00.000Z", revision_history: [ { date: "2022-10-21T13:00:00.000Z", number: "1", summary: "Initial release", }, { date: "2022-11-04T14:00:00.000Z", number: "2", summary: "Updated CVE references", }, { date: "2022-12-14T11:00:00.000Z", number: "3", summary: "Additional CVE included", }, { date: "2023-02-10T11:00:00.000Z", number: "4", summary: "Updated Advisory (only visual changes)", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1000 FX all versions", product_id: "CSAFPID-0001", product_identification_helper: { skus: [ "1097816", "1097817", ], }, }, }, ], category: "product_name", name: "SIM1000 FX", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1004 all versions", product_id: "CSAFPID-0002", product_identification_helper: { skus: [ "1098148", ], }, }, }, ], category: "product_name", name: "SIM1004", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1012 all versions", product_id: "CSAFPID-0003", product_identification_helper: { skus: [ "1098146", ], }, }, }, ], category: "product_name", name: "SIM1012", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (LFT, PPC) all versions", product_id: "CSAFPID-0004", product_identification_helper: { skus: [ "2086502", ], }, }, }, ], category: "product_name", name: "SIM2000ST (LFT, PPC)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (PPC) all versions", product_id: "CSAFPID-0005", product_identification_helper: { skus: [ "1080579", ], }, }, }, ], category: "product_name", name: "SIM2000ST (PPC)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2x00 (ARM) all versions", product_id: "CSAFPID-0006", product_identification_helper: { skus: [ "1092673", "1081902", ], }, }, }, ], category: "product_name", name: "SIM2x00 (ARM)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM4000 (PPC) all versions", product_id: "CSAFPID-0007", product_identification_helper: { skus: [ "1078787", ], }, }, }, ], category: "product_name", name: "SIM4000 (PPC)", }, { branches: [ { category: "product_version_range", name: "<1.6.0", product: { name: "SICK SIM1000 FX Firmware <1.6.0", product_id: "CSAFPID-0008", }, }, { category: "product_version", name: "1.6.0", product: { name: "SICK SIM1000 FX Firmware 1.6.0", product_id: "CSAFPID-0009", }, }, ], category: "product_name", name: "SIM1000 FX Firmware", }, { branches: [ { category: "product_version_range", name: "<2.0.0", product: { name: "SICK SIM1004 Firmware <2.0.0", product_id: "CSAFPID-0010", }, }, { category: "product_version", name: "2.0.0", product: { name: "SICK SIM1004 Firmware 2.0.0", product_id: "CSAFPID-0011", }, }, ], category: "product_name", name: "SIM1004 Firmware", }, { branches: [ { category: "product_version_range", name: "<2.2.0", product: { name: "SICK SIM1012 Firmware <2.2.0", product_id: "CSAFPID-0012", }, }, { category: "product_version", name: "2.2.0", product: { name: "SICK SIM1012 Firmware 2.2.0", product_id: "CSAFPID-0013", }, }, ], category: "product_name", name: "SIM1012 Firmware", }, { branches: [ { category: "product_version_range", name: "<1.13.4", product: { name: "SICK SIM2000ST (LFT, PPC) Firmware <1.13.4", product_id: "CSAFPID-0014", }, }, { category: "product_version", name: "1.13.4", product: { name: "SICK SIM2000ST (LFT, PPC) Firmware 1.13.4", product_id: "CSAFPID-0015", }, }, ], category: "product_name", name: "SIM2000ST (LFT, PPC) Firmware", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (PPC) Firmware all versions", product_id: "CSAFPID-0016", }, }, ], category: "product_name", name: "SICK SIM2000ST (PPC) Firmware", }, { branches: [ { category: "product_version_range", name: "<1.2.0", product: { name: "SICK SIM2x00 (ARM) Firmware <1.2.0", product_id: "CSAFPID-0017", }, }, { category: "product_version", name: "1.2.0", product: { name: "SICK SIM2x00 (ARM) Firmware 1.2.0", product_id: "CSAFPID-0018", }, }, ], category: "product_name", name: "SIM2x00 (ARM) Firmware", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM4000 (PPC) Firmware all versions", product_id: "CSAFPID-0019", }, }, ], category: "product_name", name: "SIM4000 (PPC) Firmware", }, ], category: "vendor", name: "SICK AG", }, ], relationships: [ { category: "installed_on", full_product_name: { name: "SICK SIM1000 FX with Firmware <1.6.0", product_id: "CSAFPID-0020", }, product_reference: "CSAFPID-0008", relates_to_product_reference: "CSAFPID-0001", }, { category: "installed_on", full_product_name: { name: "SICK SIM1004 with Firmware <2.0.0", product_id: "CSAFPID-0021", }, product_reference: "CSAFPID-0010", relates_to_product_reference: "CSAFPID-0002", }, { category: "installed_on", full_product_name: { name: "SICK SIM1012 with Firmware <2.2.0", product_id: "CSAFPID-0022", }, product_reference: "CSAFPID-0012", relates_to_product_reference: "CSAFPID-0003", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (LFT, PPC) with Firmware <1.13.4", product_id: "CSAFPID-0023", }, product_reference: "CSAFPID-0014", relates_to_product_reference: "CSAFPID-0004", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (PPC) all Firmware versions", product_id: "CSAFPID-0024", }, product_reference: "CSAFPID-0016", relates_to_product_reference: "CSAFPID-0005", }, { category: "installed_on", full_product_name: { name: "SICK SIM2x00 (ARM) with Firmware <1.2.0", product_id: "CSAFPID-0025", }, product_reference: "CSAFPID-0017", relates_to_product_reference: "CSAFPID-0006", }, { category: "installed_on", full_product_name: { name: "SICK SIM4000 (PPC) all Firmware versions", product_id: "CSAFPID-0026", }, product_reference: "CSAFPID-0019", relates_to_product_reference: "CSAFPID-0007", }, { category: "installed_on", full_product_name: { name: "SICK SIM1000 FX with Firmware 1.6.0", product_id: "CSAFPID-0027", }, product_reference: "CSAFPID-0009", relates_to_product_reference: "CSAFPID-0001", }, { category: "installed_on", full_product_name: { name: "SICK SIM1004 with Firmware 2.0.0", product_id: "CSAFPID-0028", }, product_reference: "CSAFPID-0011", relates_to_product_reference: "CSAFPID-0002", }, { category: "installed_on", full_product_name: { name: "SICK SIM1012 with Firmware 2.2.0", product_id: "CSAFPID-0029", }, product_reference: "CSAFPID-0013", relates_to_product_reference: "CSAFPID-0003", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (LFT, PPC) with Firmware 1.13.4", product_id: "CSAFPID-0030", }, product_reference: "CSAFPID-0015", relates_to_product_reference: "CSAFPID-0004", }, { category: "installed_on", full_product_name: { name: "SICK SIM2x00 (ARM) with Firmware 1.2.0", product_id: "CSAFPID-0031", }, product_reference: "CSAFPID-0018", relates_to_product_reference: "CSAFPID-0006", }, ], }, vulnerabilities: [ { cve: "CVE-2022-27582", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. \nThe firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.", }, ], product_status: { known_affected: [ "CSAFPID-0026", ], }, remediations: [ { category: "workaround", details: "Please make sure that you apply general security practices when operating the SIM4000 (PPC). \nThe firmware versions <=1.10.1 for SIM4000 allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", product_ids: [ "CSAFPID-0026", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0026", ], }, ], }, { cve: "CVE-2022-27584", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability.\nThe firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled.", }, ], product_status: { known_affected: [ "CSAFPID-0024", ], }, remediations: [ { category: "workaround", details: "Please make sure that you apply general security practices when operating the SIM2000ST (part number 1080579). \nThe firmware versions <=1.7.0 for SIM2000ST (part number 1080579) allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", product_ids: [ "CSAFPID-0024", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0024", ], }, ], }, { cve: "CVE-2022-47377", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). ", }, ], product_status: { fixed: [ "CSAFPID-0023", ], recommended: [ "CSAFPID-0030", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible.\nThe current firmware allows already to optionally disable device configuration over desired networks interfaces, especially in critical infrastructures.", product_ids: [ "CSAFPID-0023", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0023", ], }, ], }, { cve: "CVE-2022-27585", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0020", ], recommended: [ "CSAFPID-0027", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal).", product_ids: [ "CSAFPID-0020", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0020", ], }, ], }, { cve: "CVE-2022-43989", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0025", ], recommended: [ "CSAFPID-0031", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible.", product_ids: [ "CSAFPID-0025", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0025", ], }, ], }, { cve: "CVE-2022-43990", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0022", ], recommended: [ "CSAFPID-0029", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).", product_ids: [ "CSAFPID-0022", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0022", ], }, ], }, { cve: "CVE-2022-27586", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0021", ], recommended: [ "CSAFPID-0028", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible.", product_ids: [ "CSAFPID-0021", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0021", ], }, ], }, ], }
sca-2022-0013
Vulnerability from csaf_sick
Published
2022-10-21 13:00
Modified
2022-11-04 14:00
Summary
Password recovery vulnerability affects multiple SICK SIMs
Notes
SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism.
It is possible for an unprivileged, remote user to invocate the password recovery mechanism without the needed authentication rights to gain access to the userlevel "RecoverableUserLevel" and thereby increasing their privileges on the system.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en-US", notes: [ { category: "summary", text: "SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a \"Missing Authentication for Critical Function\" vulnerability and results from a mishandling of access to a password recovery mechanism. \nIt is possible for an unprivileged, remote user to invocate the password recovery mechanism without the needed authentication rights to gain access to the userlevel \"RecoverableUserLevel\" and thereby increasing their privileges on the system. \n", }, { category: "general", text: "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", title: "General Security Measures", }, { category: "general", text: "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", title: "Vulnerability Classification", }, ], publisher: { category: "vendor", contact_details: "psirt@sick.de", issuing_authority: "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", name: "SICK PSIRT", namespace: "https://sick.com/psirt", }, references: [ { summary: "SICK PSIRT Security Advisories", url: "https://sick.com/psirt", }, { summary: "SICK Operating Guidelines", url: "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", }, { summary: "ICS-CERT recommended practices on Industrial Security", url: "http://ics-cert.us-cert.gov/content/recommended-practices", }, { summary: "CVSS v3.1 Calculator", url: "https://www.first.org/cvss/calculator/3.1", }, { category: "self", summary: "The canonical URL.", url: "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0013.json", }, ], title: "Password recovery vulnerability affects multiple SICK SIMs", tracking: { current_release_date: "2022-11-04T14:00:00.000Z", generator: { date: "2023-02-10T10:07:22.817Z", engine: { name: "Secvisogram", version: "2.0.0", }, }, id: "SCA-2022-0013", initial_release_date: "2022-10-21T13:00:00.000Z", revision_history: [ { date: "2022-10-21T13:00:00.000Z", number: "1", summary: "Initial release", }, { date: "2022-11-04T14:00:00.000Z", number: "2", summary: "Updated CVE references", }, { date: "2022-12-14T11:00:00.000Z", number: "3", summary: "Additional CVE included", }, { date: "2023-02-10T11:00:00.000Z", number: "4", summary: "Updated Advisory (only visual changes)", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1000 FX all versions", product_id: "CSAFPID-0001", product_identification_helper: { skus: [ "1097816", "1097817", ], }, }, }, ], category: "product_name", name: "SIM1000 FX", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1004 all versions", product_id: "CSAFPID-0002", product_identification_helper: { skus: [ "1098148", ], }, }, }, ], category: "product_name", name: "SIM1004", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM1012 all versions", product_id: "CSAFPID-0003", product_identification_helper: { skus: [ "1098146", ], }, }, }, ], category: "product_name", name: "SIM1012", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (LFT, PPC) all versions", product_id: "CSAFPID-0004", product_identification_helper: { skus: [ "2086502", ], }, }, }, ], category: "product_name", name: "SIM2000ST (LFT, PPC)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (PPC) all versions", product_id: "CSAFPID-0005", product_identification_helper: { skus: [ "1080579", ], }, }, }, ], category: "product_name", name: "SIM2000ST (PPC)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2x00 (ARM) all versions", product_id: "CSAFPID-0006", product_identification_helper: { skus: [ "1092673", "1081902", ], }, }, }, ], category: "product_name", name: "SIM2x00 (ARM)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM4000 (PPC) all versions", product_id: "CSAFPID-0007", product_identification_helper: { skus: [ "1078787", ], }, }, }, ], category: "product_name", name: "SIM4000 (PPC)", }, { branches: [ { category: "product_version_range", name: "<1.6.0", product: { name: "SICK SIM1000 FX Firmware <1.6.0", product_id: "CSAFPID-0008", }, }, { category: "product_version", name: "1.6.0", product: { name: "SICK SIM1000 FX Firmware 1.6.0", product_id: "CSAFPID-0009", }, }, ], category: "product_name", name: "SIM1000 FX Firmware", }, { branches: [ { category: "product_version_range", name: "<2.0.0", product: { name: "SICK SIM1004 Firmware <2.0.0", product_id: "CSAFPID-0010", }, }, { category: "product_version", name: "2.0.0", product: { name: "SICK SIM1004 Firmware 2.0.0", product_id: "CSAFPID-0011", }, }, ], category: "product_name", name: "SIM1004 Firmware", }, { branches: [ { category: "product_version_range", name: "<2.2.0", product: { name: "SICK SIM1012 Firmware <2.2.0", product_id: "CSAFPID-0012", }, }, { category: "product_version", name: "2.2.0", product: { name: "SICK SIM1012 Firmware 2.2.0", product_id: "CSAFPID-0013", }, }, ], category: "product_name", name: "SIM1012 Firmware", }, { branches: [ { category: "product_version_range", name: "<1.13.4", product: { name: "SICK SIM2000ST (LFT, PPC) Firmware <1.13.4", product_id: "CSAFPID-0014", }, }, { category: "product_version", name: "1.13.4", product: { name: "SICK SIM2000ST (LFT, PPC) Firmware 1.13.4", product_id: "CSAFPID-0015", }, }, ], category: "product_name", name: "SIM2000ST (LFT, PPC) Firmware", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM2000ST (PPC) Firmware all versions", product_id: "CSAFPID-0016", }, }, ], category: "product_name", name: "SICK SIM2000ST (PPC) Firmware", }, { branches: [ { category: "product_version_range", name: "<1.2.0", product: { name: "SICK SIM2x00 (ARM) Firmware <1.2.0", product_id: "CSAFPID-0017", }, }, { category: "product_version", name: "1.2.0", product: { name: "SICK SIM2x00 (ARM) Firmware 1.2.0", product_id: "CSAFPID-0018", }, }, ], category: "product_name", name: "SIM2x00 (ARM) Firmware", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK SIM4000 (PPC) Firmware all versions", product_id: "CSAFPID-0019", }, }, ], category: "product_name", name: "SIM4000 (PPC) Firmware", }, ], category: "vendor", name: "SICK AG", }, ], relationships: [ { category: "installed_on", full_product_name: { name: "SICK SIM1000 FX with Firmware <1.6.0", product_id: "CSAFPID-0020", }, product_reference: "CSAFPID-0008", relates_to_product_reference: "CSAFPID-0001", }, { category: "installed_on", full_product_name: { name: "SICK SIM1004 with Firmware <2.0.0", product_id: "CSAFPID-0021", }, product_reference: "CSAFPID-0010", relates_to_product_reference: "CSAFPID-0002", }, { category: "installed_on", full_product_name: { name: "SICK SIM1012 with Firmware <2.2.0", product_id: "CSAFPID-0022", }, product_reference: "CSAFPID-0012", relates_to_product_reference: "CSAFPID-0003", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (LFT, PPC) with Firmware <1.13.4", product_id: "CSAFPID-0023", }, product_reference: "CSAFPID-0014", relates_to_product_reference: "CSAFPID-0004", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (PPC) all Firmware versions", product_id: "CSAFPID-0024", }, product_reference: "CSAFPID-0016", relates_to_product_reference: "CSAFPID-0005", }, { category: "installed_on", full_product_name: { name: "SICK SIM2x00 (ARM) with Firmware <1.2.0", product_id: "CSAFPID-0025", }, product_reference: "CSAFPID-0017", relates_to_product_reference: "CSAFPID-0006", }, { category: "installed_on", full_product_name: { name: "SICK SIM4000 (PPC) all Firmware versions", product_id: "CSAFPID-0026", }, product_reference: "CSAFPID-0019", relates_to_product_reference: "CSAFPID-0007", }, { category: "installed_on", full_product_name: { name: "SICK SIM1000 FX with Firmware 1.6.0", product_id: "CSAFPID-0027", }, product_reference: "CSAFPID-0009", relates_to_product_reference: "CSAFPID-0001", }, { category: "installed_on", full_product_name: { name: "SICK SIM1004 with Firmware 2.0.0", product_id: "CSAFPID-0028", }, product_reference: "CSAFPID-0011", relates_to_product_reference: "CSAFPID-0002", }, { category: "installed_on", full_product_name: { name: "SICK SIM1012 with Firmware 2.2.0", product_id: "CSAFPID-0029", }, product_reference: "CSAFPID-0013", relates_to_product_reference: "CSAFPID-0003", }, { category: "installed_on", full_product_name: { name: "SICK SIM2000ST (LFT, PPC) with Firmware 1.13.4", product_id: "CSAFPID-0030", }, product_reference: "CSAFPID-0015", relates_to_product_reference: "CSAFPID-0004", }, { category: "installed_on", full_product_name: { name: "SICK SIM2x00 (ARM) with Firmware 1.2.0", product_id: "CSAFPID-0031", }, product_reference: "CSAFPID-0018", relates_to_product_reference: "CSAFPID-0006", }, ], }, vulnerabilities: [ { cve: "CVE-2022-27582", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. \nThe firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.", }, ], product_status: { known_affected: [ "CSAFPID-0026", ], }, remediations: [ { category: "workaround", details: "Please make sure that you apply general security practices when operating the SIM4000 (PPC). \nThe firmware versions <=1.10.1 for SIM4000 allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", product_ids: [ "CSAFPID-0026", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0026", ], }, ], }, { cve: "CVE-2022-27584", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability.\nThe firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled.", }, ], product_status: { known_affected: [ "CSAFPID-0024", ], }, remediations: [ { category: "workaround", details: "Please make sure that you apply general security practices when operating the SIM2000ST (part number 1080579). \nThe firmware versions <=1.7.0 for SIM2000ST (part number 1080579) allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", product_ids: [ "CSAFPID-0024", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0024", ], }, ], }, { cve: "CVE-2022-47377", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). ", }, ], product_status: { fixed: [ "CSAFPID-0023", ], recommended: [ "CSAFPID-0030", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible.\nThe current firmware allows already to optionally disable device configuration over desired networks interfaces, especially in critical infrastructures.", product_ids: [ "CSAFPID-0023", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0023", ], }, ], }, { cve: "CVE-2022-27585", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0020", ], recommended: [ "CSAFPID-0027", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal).", product_ids: [ "CSAFPID-0020", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0020", ], }, ], }, { cve: "CVE-2022-43989", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0025", ], recommended: [ "CSAFPID-0031", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible.", product_ids: [ "CSAFPID-0025", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0025", ], }, ], }, { cve: "CVE-2022-43990", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0022", ], recommended: [ "CSAFPID-0029", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).", product_ids: [ "CSAFPID-0022", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0022", ], }, ], }, { cve: "CVE-2022-27586", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "description", text: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).", }, ], product_status: { fixed: [ "CSAFPID-0021", ], recommended: [ "CSAFPID-0028", ], }, remediations: [ { category: "vendor_fix", details: "The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible.", product_ids: [ "CSAFPID-0021", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0021", ], }, ], }, ], }
ghsa-mf6m-m52m-43jc
Vulnerability from github
Published
2022-11-02 12:00
Modified
2022-11-03 19:00
Severity ?
Details
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible.
{ affected: [], aliases: [ "CVE-2022-27586", ], database_specific: { cwe_ids: [ "CWE-306", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-11-01T21:15:00Z", severity: "CRITICAL", }, details: "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible.", id: "GHSA-mf6m-m52m-43jc", modified: "2022-11-03T19:00:26Z", published: "2022-11-02T12:00:36Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-27586", }, { type: "WEB", url: "https://sick.com/psirt", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.