CVE-2022-27577

EPSS 0.5%
Veröffentlicht 11.04.2022 20:15:22
Zuletzt bearbeitet 21.11.2024 06:55:58
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Msc800 Firmware Version < 4.15

Sick ≫ Msc800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.648

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-342 Predictable Exact Value from Previous Values

An exact value or random number can be precisely predicted by observing previous values.

https://sick.com/psirt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27577

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27577

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27577

EUVD