CVE-2022-27583 - OpenCVE

A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sick	Flx3-cpuc1 Firmware Flx3-cpuc1 Flx3-cpuc2 Flx3-cpuc2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sick:flx3-cpuc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:flx3-cpuc1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sick:flx3-cpuc2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:flx3-cpuc2:-:*:*:*:*:*:*:*

References

Link	Resource
https://sick.com/psirt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SICK AG

Published: 2022-10-31T00:00:00

Updated: 2022-10-31T00:00:00

Reserved: 2022-03-21T00:00:00

Link: CVE-2022-27583

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-31T20:15:12.580

Modified: 2023-07-11T19:56:15.537

Link: CVE-2022-27583

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:flx3-cpuc1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC3BE00A-7842-4F1D-B9D9-4B618D2976B8", "versionEndExcluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:flx3-cpuc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "98AC8E4B-D4EF-4EFB-B667-7AF4D9BE1CAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:flx3-cpuc2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5ADF47A-FCD3-4566-9BAB-21014F16F113", "versionEndExcluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:flx3-cpuc2:-:*:*:*:*:*:*:*", "matchCriteriaId": "42F0FDDE-4690-4EEF-A7F4-A56EF57DF0A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact."}, {"lang": "es", "value": "Un atacante remoto sin privilegios puede interactuar con la interfaz de configuraci\u00f3n de un Flexi-Compact FLX3-CPUC1 o FLX3-CPUC2 que ejecuta una versi\u00f3n de firmware afectada para afectar potencialmente la disponibilidad del FlexiCompact."}], "id": "CVE-2022-27583", "lastModified": "2023-07-11T19:56:15.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-31T20:15:12.580", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@sick.de", "type": "Secondary"}]}