CVE-2022-27584
Published 2022-11-01
CVE-2022-27584: Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as…
Priority P264 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.23% (65.3th percentile)
Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Firmware versions <=1.7.0 allow device configuration over the network interfaces to be optionally disabled. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled.
VulDB
SICK SIM2000ST Password Recovery missing authentication (EUVD-2022-32085)
vuldb·2026-05-13·CVSS 9.8
CVE-2022-27584 [CRITICAL] SICK SIM2000ST Password Recovery missing authentication (EUVD-2022-32085)
A vulnerability described as critical has been identified in SICK SIM2000ST. Affected by this issue is some unknown functionality of the component Password Recovery. Executing a manipulation can lead to missing authentication.
This vulnerability is handled as CVE-2022-27584. The attack can be executed remotely. No exploit is available.
GHSA
GHSA-482m-76pm-28gj: Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userleve
ghsa_unreviewed·2022-11-02
CVE-2022-27584 [CRITICAL] CWE-306 GHSA-482m-76pm-28gj: Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userleve
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-01