CVE-2022-27581 : Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Published 2022-12-13 16:15:19

Updated 2025-04-22 16:15:29

Source SICK AG

View at NVD, CVE.org

Products affected by CVE-2022-27581

Sick » Rfu610-10600 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10600_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10600 » Version: N/A
Sick » Rfu610-10601 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10601_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10601 » Version: N/A
Sick » Rfu610-10603 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10603_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10603 » Version: N/A
Sick » Rfu610-10604 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10604_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10604 » Version: N/A
Sick » Rfu610-10605 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10605_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10605 » Version: N/A
Sick » Rfu610-10607 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10607_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10607 » Version: N/A
Sick » Rfu610-10609 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10609_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10609 » Version: N/A
Sick » Rfu610-10610 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10610_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10610 » Version: N/A
Sick » Rfu610-10613 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10613_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10613 » Version: N/A
Sick » Rfu610-10614 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10614_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10614 » Version: N/A
Sick » Rfu610-10618 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10618_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10618 » Version: N/A
Sick » Rfu610-10700 Firmware
Versions before (<) 2.25
cpe:2.3:o:sick:rfu610-10700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Rfu610-10700 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-27581

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-27581

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-04-22
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-27581

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
- psirt@sick.de (Secondary)

References for CVE-2022-27581

https://sick.com/psirt

The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-27581

Products affected by CVE-2022-27581

Exploit prediction scoring system (EPSS) score for CVE-2022-27581

CVSS scores for CVE-2022-27581

CWE ids for CVE-2022-27581

References for CVE-2022-27581