CVE-2022-46833: CWE-327 in SICK RFU63x Firmware
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.
AI Analysis
Technical Summary
CVE-2022-46833 is a weakness in the firmware of SICK RFU63x devices in versions before v2.21, classed as CWE-327 (use of a broken or risky cryptographic algorithm). The device's SSH service still accepts weak cipher suites, so whenever a connecting user requests one, the session is protected only by a legacy algorithm; a low-privileged remote attacker who can obtain the traffic of such a session can decrypt the data it carries. The vendor description ties exploitation to what the client asked for, but the root cause is that the device honours that request instead of rejecting it, which undermines the confidentiality the encryption is supposed to provide. No user interaction is required, but the attacker must already hold low privileges (CVSS PR:L), which could be obtained by other means. The CVSS 3.1 base score is 6.5 (medium): attack vector network, attack complexity low, privileges required low, no user interaction, high confidentiality impact and no integrity or availability impact. No exploitation in the wild is known. The fix is firmware v2.21 or later, which SICK provides together with the installation procedure through the responsible customer contact person.
Potential Impact
For European organizations using SICK RFU63x devices, which are commonly deployed in industrial automation, logistics, and manufacturing, this vulnerability puts the confidentiality of operational data at risk. An attacker exploiting it could decrypt information exchanged over the affected SSH sessions, such as configuration details, operational commands, or proprietary data. Integrity and availability of the device are not directly affected, but exposure of that data could enable industrial espionage, competitive disadvantage, or follow-on attacks; recovered credentials or configuration are typical starting points for the latter. Given the role these devices play in automation and control systems, a confidentiality breach can indirectly affect operational security and compliance with data protection regulations such as GDPR. Because only low privileges are needed, the barrier to exploitation is modest, particularly in environments where internal network segmentation or access controls are weak.
Mitigation Recommendations
European organizations should prioritize updating SICK RFU63x firmware to v2.21 or later, obtained through the responsible SICK customer contact. Beyond patching, audit which algorithms the device's SSH service actually offers and configure the SSH clients that talk to it so they never propose weak or deprecated suites: the advisory ties exploitation to the user requesting such suites, so pinning client cipher, MAC and key-exchange lists to current standards (for example AES-GCM or ChaCha20-Poly1305 with SHA-2 MACs) is a compensating control until the firmware update removes the weak suites from the device's offer. Segment the network so that the devices' management interfaces are reachable only from designated engineering hosts, and enforce multi-factor authentication for SSH access where the environment supports it. Log SSH sessions and review them for unexpected clients or unexpected algorithm choices. Run internal vulnerability assessments to find devices still on pre-2.21 firmware, keep an asset inventory so patches are not missed, and train operational technology (OT) staff on secure configuration and the firmware update procedure so that weak cipher suites are not selected inadvertently.
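The audit step above can be carried out without vendor tooling, because every SSH server announces the algorithms it is willing to negotiate in its first KEXINIT packet (RFC 4253, section 7.1). The script below is an added example written for this page, not code from SICK or from the advisory: it performs the version exchange, parses the server's KEXINIT name-lists and flags legacy algorithms. The weak-algorithm sets are this example's own assumptions (the advisory does not name the affected suites), and the sample offer it ships with is constructed for illustration, not captured from an RFU63x.

```python
"""Probe an SSH server's KEXINIT offer and flag legacy algorithms (RFC 4253)."""
import socket
import struct

SSH_MSG_KEXINIT = 20
CLIENT_BANNER = b"SSH-2.0-kexaudit_example\r\n"  # hypothetical client name

# Algorithm sets treated as weak/legacy: an assumption made for this example,
# not a list taken from the SICK advisory.
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
WEAK_CIPHERS = {"none", "3des-cbc", "arcfour", "arcfour128", "arcfour256",
                "blowfish-cbc", "cast128-cbc", "aes128-cbc", "aes192-cbc",
                "aes256-cbc", "rijndael-cbc@lysator.liu.se"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "umac-64@openssh.com"}
WEAK_HOST_KEYS = {"ssh-dss", "ssh-rsa"}  # DSA, and RSA with SHA-1 signatures

# The ten name-lists of a KEXINIT payload, in wire order.
NAME_LISTS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(buf, off):
    """Decode one SSH name-list: uint32 length, then comma-separated names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    names = buf[off:off + n].decode("ascii")
    return [s for s in names.split(",") if s], off + n


def parse_kexinit(payload):
    """Split a KEXINIT payload into a dict of its ten name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # message id + 16-byte random cookie
    out = {}
    for field in NAME_LISTS:
        out[field], off = _name_list(payload, off)
    return out


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Inverse of parse_kexinit; used to construct the sample server offer."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in NAME_LISTS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        payload += struct.pack(">I", len(names)) + names
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved


def frame_packet(payload):
    """Wrap a payload in the unencrypted binary packet format (RFC 4253 s.6)."""
    pad = 8 - ((5 + len(payload)) % 8)  # total length must be a multiple of 8
    if pad < 4:                          # and padding must be at least 4 bytes
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad


def unframe_packet(data):
    """Strip binary-packet framing from one packet and return its payload."""
    packet_len, pad = struct.unpack_from(">IB", data, 0)
    return data[5:5 + packet_len - 1 - pad]


def audit(lists):
    """Return the legacy algorithms present in a parsed KEXINIT offer."""
    enc = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    mac = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {"weak_kex": sorted(set(lists["kex"]) & WEAK_KEX),
            "weak_host_key": sorted(set(lists["host_key"]) & WEAK_HOST_KEYS),
            "weak_ciphers": sorted(enc & WEAK_CIPHERS),
            "weak_macs": sorted(mac & WEAK_MACS)}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before KEXINIT was read")
        buf += chunk
    return buf


def probe(host, port=22, timeout=5.0):
    """Connect, exchange version strings, and return the server's parsed KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(CLIENT_BANNER)
        line = b""
        while not line.startswith(b"SSH-"):  # skip any pre-banner text lines
            line = b""
            while not line.endswith(b"\n"):
                line += _recv_exact(sock, 1)
        packet_len, pad = struct.unpack(">IB", _recv_exact(sock, 5))
        body = _recv_exact(sock, packet_len - 1)
        return parse_kexinit(body[:packet_len - 1 - pad])


# Constructed sample offer (not captured from any device) mixing modern and legacy suites.
SAMPLE_OFFER = {"kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
                "host_key": ["rsa-sha2-256", "ssh-rsa"],
                "enc_c2s": ["aes256-gcm@openssh.com", "aes128-cbc", "3des-cbc"],
                "enc_s2c": ["aes256-gcm@openssh.com", "aes128-cbc", "3des-cbc"],
                "mac_c2s": ["hmac-sha2-256", "hmac-md5"],
                "mac_s2c": ["hmac-sha2-256", "hmac-md5"],
                "comp_c2s": ["none"], "comp_s2c": ["none"]}
SAMPLE_PACKET = frame_packet(build_kexinit(SAMPLE_OFFER))


def audit_sample():
    """Run the audit over the constructed sample packet."""
    return audit(parse_kexinit(unframe_packet(SAMPLE_PACKET)))


if __name__ == "__main__":
    import sys
    offer = probe(sys.argv[1]) if len(sys.argv) > 1 else parse_kexinit(unframe_packet(SAMPLE_PACKET))
    for name, algs in audit(offer).items():
        print(f"{name}: {', '.join(algs) or 'none found'}")
```

Saved as, say, kexaudit.py, it takes a device address as its only argument and prints the legacy algorithms the server offers; with no argument it audits the constructed sample. Because the advisory places the trigger on what the client requests, the same name-lists are worth pinning on the client side as well: the OpenSSH `Ciphers`, `MACs` and `KexAlgorithms` directives in ssh_config restrict what a client offers, and `ssh -Q cipher` (likewise `mac`, `kex`) lists the names a given client build supports.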
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Poland, Czech Republic, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: SICK AG
- Date Reserved: 2022-12-08T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d984ac4522896dcbf7456
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 6:07:27 PM
Last updated: 12/6/2025, 12:07:51 AM