Vulnerability Description
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Rfu620-10100 Firmware | < 2.21 |
| Sick | Rfu620-10100 | - |
| Sick | Rfu620-10101 Firmware | < 2.21 |
| Sick | Rfu620-10101 | - |
| Sick | Rfu620-10102 Firmware | < 2.21 |
| Sick | Rfu620-10102 | - |
| Sick | Rfu620-10103 Firmware | < 2.21 |
| Sick | Rfu620-10103 | - |
| Sick | Rfu620-10104 Firmware | < 2.21 |
| Sick | Rfu620-10104 | - |
| Sick | Rfu620-10105 Firmware | < 2.21 |
| Sick | Rfu620-10105 | - |
| Sick | Rfu620-10107 Firmware | < 2.21 |
| Sick | Rfu620-10107 | - |
| Sick | Rfu620-10108 Firmware | < 2.21 |
| Sick | Rfu620-10108 | - |
| Sick | Rfu620-10111 Firmware | < 2.21 |
| Sick | Rfu620-10111 | - |
| Sick | Rfu620-10114 Firmware | < 2.21 |
| Sick | Rfu620-10114 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
FAQ
What is CVE-2022-46832?
CVE-2022-46832 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites t...
How severe is CVE-2022-46832?
CVE-2022-46832 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46832?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Rfu620-10100 Firmware, Sick Rfu620-10100, Sick Rfu620-10101 Firmware, Sick Rfu620-10101, Sick Rfu620-10102 Firmware.