CVE-2022-27581
First published: Tue Dec 13 2022(Updated: )
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
| <2.25 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-27581?
The severity of CVE-2022-27581 is medium with a CVSS score of 6.5.
How does CVE-2022-27581 affect SICK RFU61x firmware version <v2.25?
CVE-2022-27581 allows a low-privileged remote attacker to decrypt encrypted data if weak cipher suites are requested for encryption via the SSH interface in SICK RFU61x firmware versions older than v2.25.
Is SICK RFU610-10600 firmware version vulnerable to CVE-2022-27581?
Yes, SICK RFU610-10600 firmware version up to exclusive v2.25 is vulnerable to CVE-2022-27581.
How can I fix CVE-2022-27581?
To fix CVE-2022-27581, update the SICK RFU61x firmware to version 2.25 or later.
Where can I find more information about CVE-2022-27581?
You can find more information about CVE-2022-27581 at https://sick.com/psirt.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/sick