PT-2022-18504 · Sick · Sick Sim4000

Published: 2022-11-01 · Updated: 2022-12-16 · CVE-2022-27582

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SICK SIM4000 (PPC) Partnumber 1078787 versions <=1.10.1

Description: A password recovery issue allows an unprivileged remote attacker to invoke the password recovery mechanism and gain access to the user level defined as RecoverableUserLevel. This results in increased privileges on the system, affecting its confidentiality, integrity, and availability. The attacker can expect repeatable success. Firmware versions <=1.10.1 have an option to disable device configuration over network interfaces.

Recommendations: For SICK SIM4000 (PPC) Partnumber 1078787 versions <=1.10.1, consider disabling device configuration over network interfaces as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2022-27582

Affected Products: Sick Sim4000