PT-2022-18508 · Sick · Sick Sim1004

Published: 2022-11-01 · Updated: 2023-03-31 · CVE-2022-27586

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SICK SIM1004 Partnumber 1098148 versions prior to 2.0.0

Description

A password recovery issue allows an unprivileged remote attacker to invoke the password recovery mechanism and gain access to the user level defined as RecoverableUserLevel. This results in increased privileges on the system, affecting confidentiality, integrity, and availability. An attacker can expect repeatable success by exploiting this issue.

Recommendations

For SICK SIM1004 Partnumber 1098148 versions prior to 2.0.0, update the firmware to a version >= 2.0.0 as soon as possible. The firmware is available in the SICK Support Portal.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-27586

Affected Products

Sick Sim1004