CVE-2022-43989

EPSS 0.45%
Veröffentlicht 01.11.2022 21:15:11
Zuletzt bearbeitet 05.05.2025 15:15:49
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Sim2000-2p04g10 Firmware Version < 1.2.0

Sick ≫ Sim2000-2p04g10 Version-

Sick ≫ Sim2500-2p03g10 Firmware Version < 1.2.0

Sick ≫ Sim2500-2p03g10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://sick.com/psirt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-43989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43989

EUVD