CVE-2022-27585

Name of the Vulnerable Software and Affected Versions SICK SIM1000 FX Partnumber 1097816 and 1097817 versions prior to 1.6.0

Description A password recovery issue allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, affecting the confidentiality, integrity, and availability of the system. An attacker can expect repeatable success by exploiting this issue.

Recommendations For SICK SIM1000 FX Partnumber 1097816 and 1097817 versions prior to 1.6.0, update the firmware to a version >= 1.6.0 as soon as possible, available in the SICK Support Portal.