CVE-2022-27577 — CRITICAL (9.1)

Q: How severe is CVE-2022-27577?

CVE-2022-27577 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-27577?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Msc800 Firmware, Sick Msc800.

Vulnerability Description

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Msc800 Firmware	< 4.15
Sick	Msc800	-

Related Weaknesses (CWE)

CWE-342 CWE-330

References

https://sick.com/psirtVendor Advisory
https://sick.com/psirtVendor Advisory

FAQ

What is CVE-2022-27577?

CVE-2022-27577 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that a...

How severe is CVE-2022-27577?

CVE-2022-27577 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-27577?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Msc800 Firmware, Sick Msc800.