- Description
- An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.
- Source
- psirt@sick.de
- NVD status
- Analyzed
- Products
- lms1000_firmware, mrs1000_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- psirt@sick.de
- CWE-327
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88192768-5BFB-4267-BF9A-7D35C79DC6AA",
"versionEndExcluding": "2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "909B274C-06A9-4AFB-A298-6E32A0BD11B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:mrs1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "487CA09F-7ECD-4A1F-A2CF-DAA9FA6C68BF",
"versionEndExcluding": "2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:mrs1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A99E9D30-4967-46EB-A046-8FD8718FD9EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]