PT-2022-18506 · Sick · Sick Sim2000St

Published: 2022-11-01 · Updated: 2022-12-16 · CVE-2022-27584

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SICK SIM2000ST versions <=1.7.0

Description

A password recovery issue allows an unprivileged remote attacker to invoke the password recovery mechanism and gain access to the user level defined as RecoverableUserLevel. This results in increased privileges on the system, affecting confidentiality, integrity, and availability. The attacker can expect repeatable success. Firmware versions <=1.7.0 optionally allow disabling device configuration over network interfaces. General security practices should be applied when operating the SIM2000ST.

Recommendations

For SICK SIM2000ST versions <=1.7.0, consider disabling device configuration over network interfaces as a temporary mitigation measure until a fix is available. Apply general security practices when operating the SIM2000ST. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2022-27584

Affected Products: Sick Sim2000St