Lucene search

SICK AGCVE-2023-31410

HistoryJun 19, 2023 - 3:15 p.m.

CVE-2023-31410

2023-06-1915:15:09

CWE-319

SICK AG

web.nvd.nist.gov

cve-2023-31410

sick eventcam app

man-in-the-middle

tls

communication channel

unauthorized disclosure

eavesdropping

data manipulation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

Affected configurations

Nvd

Node

sicksick_eventcam_app

VendorProductVersionCPE
sicksick_eventcam_app*cpe:2.3:a:sick:sick_eventcam_app:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	sick_eventcam_app	*	cpe:2.3:a:sick:sick_eventcam_app::::::::

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "EventCam App",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0005.json

sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf

sick.com/psirt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

Related for CVE-2023-31410