CVE-2022-43989
First published: Tue Nov 01 2022(Updated: )
Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Sim2000-2p04g10 Firmware | <1.2.0 | |
| Sick Sim2000-2p04g10 | ||
| Sick Sim2500-2p03g10 Firmware | <1.2.0 | |
| Sick Sim2500-2p03g10 | ||
| All of | ||
| Sick Sim2000-2p04g10 Firmware | <1.2.0 | |
| Sick Sim2000-2p04g10 | ||
| All of | ||
| Sick Sim2500-2p03g10 Firmware | <1.2.0 | |
| Sick Sim2500-2p03g10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-43989.
What is the title of the vulnerability?
The title of the vulnerability is 'Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware v…'.
What software versions are affected by this vulnerability?
The SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 are affected by this vulnerability.
How does this vulnerability impact the system?
This vulnerability allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.
What is the severity of CVE-2022-43989?
The severity of CVE-2022-43989 is high (CVSS score 7.3).
How can I fix this vulnerability?
To fix this vulnerability, update the firmware version of SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 to version 1.2.0 or higher.
Is Sick Sim2000-2p04g10 firmware vulnerable?
Yes, Sick Sim2000-2p04g10 firmware with version lower than 1.2.0 is vulnerable to this password recovery vulnerability (CVE-2022-43989).
Is Sick Sim2500-2p03g10 firmware vulnerable?
Yes, Sick Sim2500-2p03g10 firmware with version lower than 1.2.0 is vulnerable to this password recovery vulnerability (CVE-2022-43989).
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following link: https://sick.com/psirt.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is 306.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/sick
- canonical/sick sim2000-2p04g10 firmware
- canonical/sick sim2000-2p04g10
- canonical/sick sim2500-2p03g10 firmware
- canonical/sick sim2500-2p03g10