Vulnerability Description
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Rfu630-04100 Firmware | < 2.21 |
| Sick | Rfu630-04100 | - |
| Sick | Rfu630-04100S01 Firmware | < 2.21 |
| Sick | Rfu630-04100S01 | - |
| Sick | Rfu630-04101 Firmware | < 2.21 |
| Sick | Rfu630-04101 | - |
| Sick | Rfu630-04102 Firmware | < 2.21 |
| Sick | Rfu630-04102 | - |
| Sick | Rfu630-04103 Firmware | < 2.21 |
| Sick | Rfu630-04103 | - |
| Sick | Rfu630-04104 Firmware | < 2.21 |
| Sick | Rfu630-04104 | - |
| Sick | Rfu630-04105 Firmware | < 2.21 |
| Sick | Rfu630-04105 | - |
| Sick | Rfu630-04106 Firmware | < 2.21 |
| Sick | Rfu630-04106 | - |
| Sick | Rfu630-04109 Firmware | < 2.21 |
| Sick | Rfu630-04109 | - |
| Sick | Rfu630-04117 Firmware | < 2.21 |
| Sick | Rfu630-04117 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
FAQ
What is CVE-2022-46833?
CVE-2022-46833 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites ...
How severe is CVE-2022-46833?
CVE-2022-46833 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46833?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Rfu630-04100 Firmware, Sick Rfu630-04100, Sick Rfu630-04100S01 Firmware, Sick Rfu630-04100S01, Sick Rfu630-04101 Firmware.