Lucene search

SICK AGCVE-2023-3271

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-3271

2023-07-1016:15:55

CWE-284

SICK AG

web.nvd.nist.gov

2460

cve-2023-3271

sick icr890-4

improper access control

unauthenticated remote attacker

rest api

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing
unauthenticated endpoints.

Affected configurations

Nvd

Node

sickicr890-4_firmwareRange<2.5.0

AND

sickicr890-4Match-

VendorProductVersionCPE
sickicr890-4_firmware*cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*
sickicr890-4-cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	icr890-4_firmware	*	cpe:2.3:o:sick:icr890-4_firmware::::::::
sick	icr890-4	-	cpe:2.3:h:sick:icr890-4:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ICR890-4",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "2.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0006.json

sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf

sick.com/psirt

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Related for CVE-2023-3271