CVE-2022-27582
published 2022-11-01CVE-2022-27582: Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.23%
65.3th percentile
Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sick | sim1000_fx_firmware | < 1.6.0 | 1.6.0 |
| sick | sim1004_firmware | < 2.0.0 | 2.0.0 |
| sick | sim1012_firmware | < 2.2.0 | 2.2.0 |
| sick | sim2000_firmware | < 1.2.0 | 1.2.0 |
| sick | sim2000st_firmware | < 1.2.0 | 1.2.0 |
| sick | sim2500_firmware | < 1.2.0 | 1.2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
SICK SIM4000 missing authentication (EUVD-2022-32083)
vuldb·2026-05-13·CVSS 9.8
CVE-2022-27582 [CRITICAL] SICK SIM4000 missing authentication (EUVD-2022-32083)
A vulnerability marked as critical has been reported in SICK SIM4000. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in missing authentication.
This vulnerability is known as CVE-2022-27582. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-wc94-mpg2-r5mg: Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel d
ghsa_unreviewed·2022-11-02
CVE-2022-27582 [CRITICAL] CWE-306 GHSA-wc94-mpg2-r5mg: Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel d
Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-01
Published