Vulnerability Description
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Rfu610-10600 Firmware | < 2.25 |
| Sick | Rfu610-10600 | - |
| Sick | Rfu610-10601 Firmware | < 2.25 |
| Sick | Rfu610-10601 | - |
| Sick | Rfu610-10603 Firmware | < 2.25 |
| Sick | Rfu610-10603 | - |
| Sick | Rfu610-10604 Firmware | < 2.25 |
| Sick | Rfu610-10604 | - |
| Sick | Rfu610-10605 Firmware | < 2.25 |
| Sick | Rfu610-10605 | - |
| Sick | Rfu610-10607 Firmware | < 2.25 |
| Sick | Rfu610-10607 | - |
| Sick | Rfu610-10609 Firmware | < 2.25 |
| Sick | Rfu610-10609 | - |
| Sick | Rfu610-10610 Firmware | < 2.25 |
| Sick | Rfu610-10610 | - |
| Sick | Rfu610-10613 Firmware | < 2.25 |
| Sick | Rfu610-10613 | - |
| Sick | Rfu610-10614 Firmware | < 2.25 |
| Sick | Rfu610-10614 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
FAQ
What is CVE-2022-27581?
CVE-2022-27581 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites t...
How severe is CVE-2022-27581?
CVE-2022-27581 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27581?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Rfu610-10600 Firmware, Sick Rfu610-10600, Sick Rfu610-10601 Firmware, Sick Rfu610-10601, Sick Rfu610-10603 Firmware.