CVE-2022-46834

CVSS 6.5 MEDIUMEPSS 0.3%CWE-327

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Dec 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · SICK RFU65x Firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sick.com/psirt