CVE-2022-46833
moderate-risk
Published 2022-12-13
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Rfu630-04100 Firmware
Rfu630-04100S01 Firmware
Rfu630-04101 Firmware
Rfu630-04102 Firmware
Rfu630-04103 Firmware
Rfu630-04104 Firmware
Rfu630-04105 Firmware
Rfu630-04106 Firmware
Rfu630-04109 Firmware
Rfu630-04117 Firmware
Rfu630-13100S01 Firmware
Rfu630-13101 Firmware
Rfu630-13102 Firmware
Rfu630-13103 Firmware
Rfu630-13104 Firmware
Rfu630-13105 Firmware
Rfu630-13106 Firmware
Rfu630-13107 Firmware
Rfu630-13108 Firmware
Rfu630-13110 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://sick.com/psirt
Vendor Advisory
https://sick.com/psirt
45
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
21/34 · High