CVE-2022-27582 — CRITICAL (9.8)

Q: How severe is CVE-2022-27582?

CVE-2022-27582 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-27582?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Sim2000 Firmware, Sick Sim2000, Sick Sim2000St Firmware, Sick Sim2000St, Sick Sim2500 Firmware.

Vulnerability Description

Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Sim2000 Firmware	< 1.2.0
Sick	Sim2000	-
Sick	Sim2000St Firmware	< 1.2.0
Sick	Sim2000St	-
Sick	Sim2500 Firmware	< 1.2.0
Sick	Sim2500	-
Sick	Sim1012 Firmware	< 2.2.0
Sick	Sim1012	-
Sick	Sim1004 Firmware	< 2.0.0
Sick	Sim1004	-
Sick	Sim1000 Fx Firmware	< 1.6.0
Sick	Sim1000 Fx	-
Sick	Sim4000 Firmware	All versions
Sick	Sim4000	-

Related Weaknesses (CWE)

CWE-306

References

https://sick.com/psirtVendor Advisory
https://sick.com/psirtVendor Advisory

FAQ

What is CVE-2022-27582?

CVE-2022-27582 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the passwo...

How severe is CVE-2022-27582?

CVE-2022-27582 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-27582?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Sim2000 Firmware, Sick Sim2000, Sick Sim2000St Firmware, Sick Sim2000St, Sick Sim2500 Firmware.