CVE-2021-32496

Name of the Vulnerable Software and Affected Versions SICK Visionary-S CX up version 5.21.2.29154R

Description The issue concerns an Inadequate Encryption Strength vulnerability related to the internal SSH interface used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.

Recommendations For SICK Visionary-S CX version 5.21.2.29154R, consider disabling the internal SSH interface until a patch is available to mitigate the risk of exploitation. Restrict access to the network on which the device is connected to minimize the risk of an attacker breaking the security that protects information transmitted from the client to the SSH server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.