Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
References
| Link | Resource |
|---|---|
| https://sick.com/psirt | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
History
15 Dec 2022, 17:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://sick.com/psirtĀ - Vendor Advisory | |
| First Time |
Sick rfu610-10618 Firmware
Sick rfu610-10607 Firmware Sick rfu610-10601 Sick rfu610-10610 Sick rfu610-10613 Firmware Sick rfu610-10601 Firmware Sick rfu610-10700 Firmware Sick rfu610-10614 Firmware Sick Sick rfu610-10603 Firmware Sick rfu610-10609 Firmware Sick rfu610-10609 Sick rfu610-10600 Firmware Sick rfu610-10700 Sick rfu610-10605 Sick rfu610-10618 Sick rfu610-10610 Firmware Sick rfu610-10613 Sick rfu610-10607 Sick rfu610-10603 Sick rfu610-10600 Sick rfu610-10614 Sick rfu610-10604 Sick rfu610-10604 Firmware Sick rfu610-10605 Firmware |
|
| CPE | cpe:2.3:o:sick:rfu610-10700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10614:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10607:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10700:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10613:-:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10601_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10609_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10607_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10609:-:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10604_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10614_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10601:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10603:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10610:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10604:-:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10618_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10600_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10610_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10613_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10605_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10605:-:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10600:-:*:*:*:*:*:*:* cpe:2.3:o:sick:rfu610-10603_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:rfu610-10618:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| CWE | CWE-327 |
13 Dec 2022, 16:52
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-12-13 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-27581
Mitre link : CVE-2022-27581
CVE.ORG link : CVE-2022-27581
JSON object : View
Products Affected
sick
- rfu610-10603
- rfu610-10600
- rfu610-10613_firmware
- rfu610-10700
- rfu610-10604_firmware
- rfu610-10601_firmware
- rfu610-10603_firmware
- rfu610-10613
- rfu610-10601
- rfu610-10614_firmware
- rfu610-10607_firmware
- rfu610-10610
- rfu610-10614
- rfu610-10605
- rfu610-10618
- rfu610-10604
- rfu610-10607
- rfu610-10609
- rfu610-10600_firmware
- rfu610-10605_firmware
- rfu610-10700_firmware
- rfu610-10618_firmware
- rfu610-10609_firmware
- rfu610-10610_firmware
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm