{"id": "CVE-2022-46832", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-13T16:15:26.107", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}, {"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person."}, {"lang": "es", "value": "Uso de un algoritmo criptogr\u00e1fico defectuoso o riesgoso en la versi\u00f3n de firmware SICK RFU62x < 2.21 permite a un atacante remoto con pocos privilegios descifrar los datos cifrados si el usuario solicita que se utilicen conjuntos de cifrado d\u00e9biles para el cifrado a trav\u00e9s de la interfaz SSH. El parche y el procedimiento de instalaci\u00f3n para la actualizaci\u00f3n del firmware est\u00e1n disponibles a trav\u00e9s de la persona de contacto responsable con el cliente de SICK."}], "lastModified": "2022-12-15T20:13:44.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD03AE3A-955B-4290-A92F-C2CC0312B60A", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F073EEF-AFDF-4B3A-9DC0-09FE23BE68F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10101_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A2CEB85-FDC1-42A1-A4A0-AE64F1A323BB", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DF29A7F-7E29-4F5C-AD0C-5E8CECA6F8EB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10102_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E47DAA07-241F-4597-895A-69DCA0F82B6A", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2047D5DF-293E-4DEE-B453-8A78D9458E92"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10103_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C6CD295-36C6-42E7-AEB8-DF069103A1DF", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67411C6F-BA44-4788-855C-B9C052D10DDC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10104_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE9D24F0-6288-4CBE-BDC3-3B95FAF87328", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10104:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F09E013-48EF-4507-B143-2EC364D66BBB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10105_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63AFD062-FF4E-41CB-9914-3C26A30E95A7", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10105:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABED4F7C-0C31-4A59-A98F-8C8CA4063B6A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10107_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C3CCC53-D886-4CD0-876D-0DE3CC2C955B", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10107:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68CE728C-23DE-490F-BC89-A2D6B9A1D397"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10108_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "488BFDAA-76D2-4BB1-B148-B9130B99B6A5", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10108:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6B26F88-E573-4C9A-B74F-C1BF0FF5EAEC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10111_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E64AEC3F-0700-4ACC-BE6F-21B136A8756E", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10111:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A210E87B-D753-44E9-89C0-4D0F095FF30F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10114_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AED40CD-D15E-44F1-A489-04B30CB54975", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10114:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9D5DC2A-58C4-4C7D-B888-0A61468BA883"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10118_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFFD007-696F-46C1-A1C6-3E8019E9566A", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10118:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CF06288-2C08-4E1E-B8A7-6011EC5C52DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "185E70E6-30DB-4C41-A7E5-7F726F8F2B8A", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0EED775-3161-4A47-BB88-D806141D6DE0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10401_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48CB8FBD-9A17-4131-9879-7E2C29F86ADD", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10401:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74B801F7-9D09-4DAD-9CA4-E4A4BBBD0175"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "894E3115-4F8D-4D80-8D0E-29277B9BFDB2", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99BA97F5-DC6A-401A-9E48-952FFF19F5AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10501_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBD0CA2-74E7-4978-8884-D06761C1DFF3", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10501:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "82D1071F-6E28-4F9D-8B6A-DDB046A3C8AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10503_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE721250-1226-45C7-90E3-1745F868F524", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10503:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E364F7C-5F72-47A8-A0C0-2AB9525F5FB7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10504_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA9CB27-E3F8-4EF2-A502-407418B119DA", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10504:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "589130D5-527C-4048-ACE4-6A538EE85ADC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10507_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F18D52F5-F7BE-45F9-9EE7-4BE4E7CF0888", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10507:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9736D69-5312-4139-9D7D-15E07FB6F7C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10508_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B33FEA70-2630-4664-9A84-245F6FEF4EEF", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10508:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CEC1D7E3-E1D9-40F1-BDCE-7A12B6FAB2B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "322F06D7-7BD9-45D5-A814-F9E89C69DE7D", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DA7EFAE-1435-4333-9E9B-B8BF29133A17"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:rfu620-10514_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85BA6FA6-F7D9-4930-9869-3B24BA45298C", "versionEndExcluding": "2.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:rfu620-10514:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FFE928E-2011-4F95-8A2F-69CD5D582BBB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}