PT-2022-28052 · Sick · Sick Sim2000St

Published 2022-12-16 · Updated 2022-12-21 · CVE-2022-47377

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SICK SIM2000ST Partnumber 2086502 versions prior to 1.13.4

Description

A password recovery vulnerability allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, affecting the confidentiality, integrity, and availability of the system. An attacker can expect repeatable success by exploiting this issue.

Recommendations

For SICK SIM2000ST Partnumber 2086502 versions prior to 1.13.4, update the firmware to a version >= 1.13.4 as soon as possible. The firmware is available in the SICK Support Portal.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-47377

Affected Products

Sick Sim2000St