CVE-2021-32496 - OpenCVE

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sick	Visionary-s Cx Visionary-s Cx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sick:visionary-s_cx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:visionary-s_cx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2021-06-28T11:02:32

Updated: 2024-08-03T23:17:29.551Z

Reserved: 2021-05-10T00:00:00

Link: CVE-2021-32496

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-28T12:15:14.703

Modified: 2021-07-02T17:44:24.213

Link: CVE-2021-32496

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SICK Visionary-S CX", "vendor": "n/a", "versions": [{"status": "affected", "version": "<5.21.2.29154R"}]}], "descriptions": [{"lang": "en", "value": "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks."}], "problemTypes": [{"descriptions": [{"description": "Inadequate SSH configuration in Visionary-S CX", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-28T11:02:32", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@sick.de", "ID": "CVE-2021-32496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SICK Visionary-S CX", "version": {"version_data": [{"version_value": "<5.21.2.29154R"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inadequate SSH configuration in Visionary-S CX"}]}]}, "references": {"reference_data": [{"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", "refsource": "MISC", "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:29.551Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}]}]}, "cveMetadata": {"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2021-32496", "datePublished": "2021-06-28T11:02:32", "dateReserved": "2021-05-10T00:00:00", "dateUpdated": "2024-08-03T23:17:29.551Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:visionary-s_cx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B84A38-24C1-4AC0-8075-59891D947F8D", "versionEndExcluding": "5.21.2.29154r", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:visionary-s_cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E46BE6B-3294-4E3A-92D8-18431F82E83D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks."}, {"lang": "es", "value": "SICK Visionary-S CX hasta la versi\u00f3n 5.21.2.29154R, son susceptibles a una vulnerabilidad de Fuerza de Encriptaci\u00f3n Inadecuada relativa a la interfaz interna SSH utilizada \u00fanicamente por SICK para la recuperaci\u00f3n de dispositivos devueltos. El uso de cifrados d\u00e9biles facilita a un atacante rompa la seguridad que protege la informaci\u00f3n transmitida desde el cliente al servidor SSH, asumiendo que el atacante tenga acceso a la red en la que est\u00e1 conectado el dispositivo. Esto puede aumentar el riesgo de que la encriptaci\u00f3n se vea comprometida, conllevando a la exposici\u00f3n de informaci\u00f3n confidencial del usuario y ataques de tipo man-in-the-middle"}], "id": "CVE-2021-32496", "lastModified": "2021-07-02T17:44:24.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-28T12:15:14.703", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}