CVE-2022-46834
First published: Tue Dec 13 2022(Updated: )
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.21 | ||
| <2.21 | ||
| <2.21 | ||
| <2.21 | ||
| <2.21 | ||
| <2.21 | ||
| <2.21 | ||
| All of | ||
| Sick Rfu650-10100 Firmware | <2.21 | |
| Sick Rfu650-10100 | ||
| All of | ||
| Sick Rfu650-10101 Firmware | <2.21 | |
| Sick Rfu650-10101 | ||
| All of | ||
| Sick Rfu650-10102 Firmware | <2.21 | |
| Sick Rfu650-10102 | ||
| All of | ||
| Sick Rfu650-10103 Firmware | <2.21 | |
| Sick Rfu650-10103 | ||
| All of | ||
| Sick Rfu650-10104 Firmware | <2.21 | |
| Sick Rfu650-10104 | ||
| All of | ||
| Sick Rfu650-10105 Firmware | <2.21 | |
| Sick Rfu650-10105 | ||
| All of | ||
| Sick Rfu650-10106 Firmware | <2.21 | |
| Sick Rfu650-10106 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-46834?
CVE-2022-46834 is a vulnerability that involves the use of a broken or risky cryptographic algorithm in the SICK RFU65x firmware version < v2.21.
How does CVE-2022-46834 allow an attacker to decrypt encrypted data?
CVE-2022-46834 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.
What is the severity of CVE-2022-46834?
CVE-2022-46834 has a severity rating of 6.5 (Medium).
Which versions of SICK RFU65x firmware are affected by CVE-2022-46834?
SICK RFU65x firmware versions up to and excluding v2.21 are affected by CVE-2022-46834.
Is there a patch available for CVE-2022-46834?
Yes, a patch is available for CVE-2022-46834. Please refer to the vendor's website or documentation for the installation procedure.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/sick
- canonical/sick rfu650-10100 firmware
- canonical/sick rfu650-10100
- canonical/sick rfu650-10101 firmware
- canonical/sick rfu650-10101
- canonical/sick rfu650-10102 firmware
- canonical/sick rfu650-10102
- canonical/sick rfu650-10103 firmware
- canonical/sick rfu650-10103
- canonical/sick rfu650-10104 firmware
- canonical/sick rfu650-10104
- canonical/sick rfu650-10105 firmware
- canonical/sick rfu650-10105
- canonical/sick rfu650-10106 firmware
- canonical/sick rfu650-10106